SSL Cert Import Issue - Not an X.509 Cert Error

DCIM_Support · ‎2020-07-03

This question was originally posted on DCIM Support by Krista Flynn on 2017-09-13

I am having trouble working with ssl certificates in the DCIM Portal. I am receiving the following error when trying to import the cert. keytool error:java.lang.Exception: Input not an X.509 certificate.

DCIM_Support · ‎2020-07-03

This comment was originally posted on DCIM Support by spezialist on 2017-09-13

Hi Krista Flynn,

Please share the command line and its output, that you are trying to import the Web Server SSL cert onto your SxW Portal. This will help to solve your problem faster.

With respect.

DCIM_Support · ‎2020-07-03

This comment was originally posted on DCIM Support by Krista Flynn on 2017-09-13

I generated the key request and send it to our CA with the following command.

keytool -genkey -alias <alias> -keyalg RSA –keysize 2048 -keypass P@ssw0rd! -keystore <alias>.bin -storepass <passwd>

keytool -certreq -keyalg RSA -alias <alias> -file certreq.csr -keystore <alias>.bin

I edited the /conf/server.xml file with the appropriate changes in the documentation.

Once I got the certs back from CA I tried to import with the following. The second command below said it was successful. The first command below I am getting the error above that I put in my question.

keytool -import -alias root -keystore mykeystore -trustcacerts -file chain_certificate_filename
keytool -import -alias tomcat -keystore mykeystore -file certificate_filename

DCIM_Support · ‎2020-07-03

This comment was originally posted on DCIM Support by spezialist on 2017-09-13

Once I got the certs back from CA I tried to import with the following. The second command below said it was successful. The first command below I am getting the error above that I put in my question.

1. keytool -import -alias root -keystore mykeystore -trustcacerts -file chain_certificate_filename
2. keytool -import -alias tomcat -keystore mykeystore -file certificate_filename

I.e., you can not perform the import the root CA cert? While the import the new SxW Portal Web Server SSL cert did you succeed? I understand you correctly?

If so, it's very possible that you are trying to import a file that is not a certificate. You can, for example, look at the properties of the chain_certificate_filename file on Windows to make sure that it is indeed a certificate file?

With respect.

DCIM_Support · ‎2020-07-03

This answer was originally posted on DCIM Support by spezialist on 2017-09-14

Hi Krista Flynn,

In addition to the previous answer: to verify the validity of certificates, add to your files chain_certificate_filename and certificate_filename an extension, for example .cer: chain_certificate_filename.cer and certificate_filename.cer. Then, in the MS Windows environment, open the location of these two files by the explorer, you should see something similar with the indication that this is really a certificate:

Then just open (left-click on the file) first one file, and then another. If the file is indeed a digital certificate, you will see something similar with detailed information about the issuer of the certificate:

Otherwise, if the file is not a certificate file, you will get an opening error. This is an elementary test.

Always glad to answer your questions.

DCIM_Support · ‎2020-07-03

This comment was originally posted on DCIM Support by spezialist on 2017-09-17

Hi Krista Flynn,

Have you solved this problem or not?

With respect.

DCIM_Support · ‎2020-07-03

This question is closed for comments. You're welcome to start a new topic if you have further comments on this issue.