Welcome to the new Schneider Electric Community

It's your place to connect with experts and peers, get continuous support, and share knowledge.

  • Explore the new navigation for even easier access to your community.
  • Bookmark and use our new, easy-to-remember address (community.se.com).
  • Get ready for more content and an improved experience.

Contact SchneiderCommunity.Support@se.com if you have any questions.

Close
Invite a Co-worker
Send a co-worker an invite to the Exchange portal.Just enter their email address and we’ll connect them to register. After joining, they will belong to the same company.
Send Invite Cancel
84766members
354199posts

SSL Cert Import Issue - Not an X.509 Cert Error

EcoStruxure IT forum

A support forum for Data Center Operation, Data Center Expert, and EcoStruxure IT product users to share knowledge on installation, configuration, and general product use.

DCIM_Support
Picard
Picard
0 Likes
6
1098

SSL Cert Import Issue - Not an X.509 Cert Error

This question was originally posted on DCIM Support by Krista Flynn on 2017-09-13


I am having trouble working with ssl certificates in the DCIM Portal.  I am receiving the following error when trying to import the cert.  keytool error:java.lang.Exception:  Input not an X.509 certificate.

(CID:124526883)

6 Replies 6
DCIM_Support
Picard
Picard
0 Likes
0
1100

Re: SSL Cert Import Issue - Not an X.509 Cert Error

This comment was originally posted on DCIM Support by spezialist on 2017-09-13


Hi Krista Flynn,

Please share the command line and its output, that you are trying to import the Web Server SSL cert onto your SxW Portal. This will help to solve your problem faster.

With respect.

(CID:124526900)

DCIM_Support
Picard
Picard
0 Likes
0
1101

Re: SSL Cert Import Issue - Not an X.509 Cert Error

This comment was originally posted on DCIM Support by Krista Flynn on 2017-09-13


I generated the key request and send it to our CA with the following command. 

keytool -genkey -alias <alias> -keyalg RSA –keysize 2048 -keypass P@ssw0rd! -keystore <alias>.bin -storepass <passwd>

keytool -certreq -keyalg RSA -alias <alias> -file certreq.csr -keystore <alias>.bin

I edited the /conf/server.xml file with the appropriate changes in the documentation.

Once I got the certs back from CA I tried to import with the following.  The second command below said it was successful.  The first command below I am getting the error above that I put in my question. 

  1. keytool -import -alias root -keystore mykeystore  -trustcacerts -file  chain_certificate_filename
  2. keytool -import -alias tomcat -keystore mykeystore -file certificate_filename


(CID:125208452)

DCIM_Support
Picard
Picard
0 Likes
0
1101

Re: SSL Cert Import Issue - Not an X.509 Cert Error

This comment was originally posted on DCIM Support by spezialist on 2017-09-13


Once I got the certs back from CA I tried to import with the following. The second command below said it was successful. The first command below I am getting the error above that I put in my question.

1. keytool -import -alias root -keystore mykeystore -trustcacerts -file chain_certificate_filename
2. keytool -import -alias tomcat -keystore mykeystore -file certificate_filename

I.e., you can not perform the import the root CA cert? While the import the new SxW Portal Web Server SSL cert did you succeed? I understand you correctly?

If so, it's very possible that you are trying to import a file that is not a certificate. You can, for example, look at the properties of the chain_certificate_filename file on Windows to make sure that it is indeed a certificate file?

With respect.

(CID:125208454)

DCIM_Support
Picard
Picard
0 Likes
0
1101

Re: SSL Cert Import Issue - Not an X.509 Cert Error

This answer was originally posted on DCIM Support by spezialist on 2017-09-14


Hi Krista Flynn,

In addition to the previous answer: to verify the validity of certificates, add to your files chain_certificate_filename and certificate_filename an extension, for example .cer: chain_certificate_filename.cer and certificate_filename.cer. Then, in the MS Windows environment, open the location of these two files by the explorer, you should see something similar with the indication that this is really a certificate:

Then just open (left-click on the file) first one file, and then another. If the file is indeed a digital certificate, you will see something similar with detailed information about the issuer of the certificate:


Otherwise, if the file is not a certificate file, you will get an opening error. This is an elementary test.

Always glad to answer your questions.

(CID:125208448)

DCIM_Support
Picard
Picard
0 Likes
0
1101

Re: SSL Cert Import Issue - Not an X.509 Cert Error

This comment was originally posted on DCIM Support by spezialist on 2017-09-17


Hi Krista Flynn,

Have you solved this problem or not?

With respect.

(CID:125208260)

DCIM_Support
Picard
Picard
0 Likes
0
1101

🔒 Closed

This question is closed for comments. You're welcome to start a new topic if you have further comments on this issue.