Skip to main content
M
mikefinch871-Visitor
1-Visitor
August 23, 2019
Solved

keytool error: java.lang.Exception: Input not an X.509 certificate

  • August 23, 2019
  • 1 reply
  • 13650 views

I am following the instructions here:

https://developer.thingworx.com/en/resources/guides/foundation-linux-install-guide/foundation-linux-create-ssl

 

Using JDK 1.8_131and Ubuntu 18.04 LTS

 

I keep getting the error above.  I found this article, https://www.ptc.com/en/support/article?n=CS147810, but it requires a maintenance subscription.  

Best answer by Constantine

The second version is correct. Since you are on Linux, it backslashes are interpreted as escape sequences instead of path delimiters, so the filename becomes incorrect and keytool cannot find it, giving this cryptic error message.

 

Then, keytool -import asks you for the destination store password, which is cacerts in this case, which is part of the JRE. The default password is changeit, please try it.

 

Finally, try to export your certificate from the JKS first, i.e.:

keytool -export -alias tomcat9 -file certificate -keystore twkeystore.jks

...and use "certificate" as the filename for keytool -import.

 

/ Constantine

1 reply

C
Constantine18-Opal
18-Opal
August 26, 2019

Hello,

 

Can you provide the exact commands that you execute? Also make sure you execute it from JDK's bin directory. Ah, and you should probably replace the backslashes with the forward ones...

 

Regards,
Constantine

M
mikefinch871-VisitorAuthor
1-Visitor
August 27, 2019

With \ slashes

root@thingworx-test:/usr/lib/jvm/jdk1.8.0_131/bin# keytool -import -alias tomcat9 -file "twkeystore.jks" -keystore "..\jre\lib\security\cacerts"
Enter keystore password:
Re-enter new password:
keytool error: java.lang.Exception: Input not an X.509 certificate
root@thingworx-test:/usr/lib/jvm/jdk1.8.0_131/bin#

With / slashes

root@thingworx-test:/usr/lib/jvm/jdk1.8.0_131/bin# keytool -import -alias tomcat9 -file "twkeystore.jks" -keystore "../jre/lib/security/cacerts"
Enter keystore password:
keytool error: java.io.IOException: Keystore was tampered with, or password was incorrect
root@thingworx-test:/usr/lib/jvm/jdk1.8.0_131/bin#

I looked at the CA certs using the help on digi and think java is right and the cacerts file is not an X.509 cert.

C
Constantine18-OpalAnswer
18-Opal
August 28, 2019

The second version is correct. Since you are on Linux, it backslashes are interpreted as escape sequences instead of path delimiters, so the filename becomes incorrect and keytool cannot find it, giving this cryptic error message.

 

Then, keytool -import asks you for the destination store password, which is cacerts in this case, which is part of the JRE. The default password is changeit, please try it.

 

Finally, try to export your certificate from the JKS first, i.e.:

keytool -export -alias tomcat9 -file certificate -keystore twkeystore.jks

...and use "certificate" as the filename for keytool -import.

 

/ Constantine

    Terms & ConditionsCookie settingsAccessibility statement