Ask a Question

Error: "keytool error: java.lang.Exception: Input not an X.509 certificate" due to improper format of certificate

Problem

Error: "Input not an X.509 certificate" when trying to import my Javasoft certificate into the Keystore.
Error occurs when importing Javasoft certificate into the Key store
Error occurs during import
Error: "keytool error: java.lang.Exception: Input not an X.509 certificate"
Error: Input not an X.509 certificate

Cause

Improperly formatted certificate is being imported into the keystore. JDK's keystore is very particular about the format that it accepts.

Solution

To resolve this issue, perform the following steps;
 
This is a sample of what a PKCS 7 file would be :
 
-----BEGIN PKCS7-----
MIIDvgYJKoZIhvcNAQcCoIIDrzCCA6sCAQExADALBgkqhkiG9w0BBwGgggORMIID
jTCCAvagAwIBAgIQUuSuRj0Dyvze/mcVMwwBCTANBgkqhkiG9w0BAQUFADCBzjEL
MAkGA1UEBhMCWkExFTATBgNVBAgTDFdlc3Rlcm4gQ2FwZTESMBAGA1UEBxMJQ2Fw
ZSBUb3duMR0wGwYDVQQKExRUaGF3dGUgQ29uc3VsdGluZyBjYzEoMCYGA1UECxMf
Q2VydGlmaWNhdGlvbiBTZXJ2aWNlcyBEaXZpc2lvbjEhMB8GA1UEAxMYVGhhd3Rl
IFByZW1pdW0gU2VydmVyIENBMSgwJgYJKoZIhvcNAQkBFhlwcmVtaXVtLXNlcnZl
ckB0aGF3dGUuY29tMB4XDTA2MTAyMDAzMzIyNVoXDTA3MTAyMDAzMzIyNVowgZEx
CzAJBgNVBAYTAkFVMREwDwYDVQQIEwhWaWN0b3JpYTESMBAGA1UEBxMJTWVsYm91
cm5lMS0wKwYDVQQKEyRDYXJlIEZvciBLaWRzIEludGVybmV0IFNlcnZpY2VzIFAv
TCAxCzAJBgNVBAsTAklTMR8wHQYDVQQDExZ3d3cuY2FyZWZvcmtpZHMuY29tLmF1
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCw/gfqN/0OAf3uZku10cQSJw48
HUgfqRHZTRWHAvdxyORjWY/+7qozwx/Ja9VyxX/Z87hcY+EEXJ8WzB6Ojchl/D1K
9oWN9DnxDmiQgvPQ0F92nfxXeg71oIUS2EVChZoqHa25lv3VuKyk3eX0NFzKITwn
+qvYFcejBzTvUV5ewQIDAQABo4GmMIGjMB0GA1UdJQQWMBQGCCsGAQUFBwMBBggr
BgEFBQcDAjBABgNVHR8EOTA3MDWgM6Axhi9odHRwOi8vY3JsLnRoYXd0ZS5jb20v
VGhhd3RlUHJlbWl1bVNlcnZlckNBLmNybDAyBggrBgEFBQcBAQQmMCQwIgYIKwYB
BQUHMAGGFmh0dHA6Ly9vY3NwLnRoYXd0ZS5jb20wDAYDVR0TAQH/BAIwADANBgkq
hkiG9w0BAQUFAAOBgQDKFdgfgF6/y/aRvkRKVtU+PqCfiQ2+bLNEPy2xCK7LVM0k
SaZ407kT4F1I4NlPEyoKRNMa3b6m0+fk8J3yvqiZKI1eJbaLTDEeG7BtgcdaM1ST
iNaH2zqWlIShVTKEc8ACo1HUTP2slfQ7Q7GIR3sGU2Z+fRD3GXwwAoyo5Mh1aEA
MQA=
-----END PKCS7-----
(Please note this certificate is made invalid on purpose and is merely an example.)
Please check the following in order to try and resolve your problem:
 
1) There are no spaces in the certificate. 
2) The header and the footer are included. 
3) Save the certificate as a .crt file. 
 
 
 
Alternately the following information are suggested 'fixes' for this error:


1. Download the certificate in Standard Format and save it in Notepad as a .cer file You can download your certificate again. Depending on which channel your certificate was purchased through, perform the steps on the following link to download it in standard format: SO7369
 
NB: If you are unable to get the certificate in Standard Format (X.509 format), request that the agent helping you, email you the certificate in this format.
 
2. Once you saved the file with the above extension, right click on the file and choose 'Install certificate'. Keep clicking through the options until you get to Finish.
 
a. Now that it is installed into Internet Explorer, from within the browser click Tools -> Internet Options
b. Click the Content tab > Click Certificates.
c. Select your certificate out of the Other tab then click Export
d. Click Next.
e. Select the bullet that says: Cryptographic Message Syntax Standard - PKCS#7 Certificates (.P7B) and check the box that says: Include all certificates in the certification path if possible
f. Click Next
g. Click Browse.  Enter a file name and path for the new combined file to be saved.  You can save the file with a .CER extension
h. Click Next Finish
 
You will need to take this new file that was created and install it into the Java Keystore
 
The syntax that can be used is: "keytool -import -trustcacerts -keystore <name of your key store> -alias <name of your alias> -file <name of the file that was just created