Ask a Question

Advanced Search

Solution ID : SO4333

Last Modified : 05/02/2018

Error: "java.lang.Exception: Input not an X.509 certificate"



"keytool error: java.lang.Exception: Input not an X.509 certificate"
"Input not an X.509 certificate" when trying to import my Sun Java™ certificate into the keystore.
Error occurs when importing Sun Java™ certificate into the keystore.


This error occurs when one of the following conditions are true:

  • The incorrect alias was specified during the import command.
  • No alias was specified while trying to import the certificate.
  • The incorrect keystore file was used during the import command.
  • Improperly formatted certificate is being imported into the keystore.


To resolve this issue:

  1. Use the correct alias in your command.
  2. Verify that command points to the keystore using its exact name.
  3. Verify that certificate is formatted correctly. Open your certificate with a plain text editor (ie. notepad, vim):
  • The header and footer are included enclosed between five dashes.
  • There are no trailing spaces on each line.
  • The certificate is saved as a .p7b.
  1. Use the following syntax while performing the import function:
keytool -import -trustcacerts -alias alias_name -file certificate_file.p7b -keystore keystore_name


Note: Where alias_name, is the alias of the private key in your keystore, keystore_name is the path to your keystore and keystore_output.txt the file that will be created.
You will be prompted to enter the keystore password.

Important: If you have forgotten your alias or need to verify your keystore details, refer to  SO28992