Troubleshooting: Error: “java.lang.Exception: Input not an X.509 certificate.”

This Article consists of advanced troubleshooting to a very problematic issue that comes up with versions of Keytool when installing an SSL certificate. There can be numerous causes for this issue. By all normal means when following SSL Installation Instructions for Tomcat using pkcs7 or SSL Installation Instructions for Tomcat using x.509 the user should have a smooth installation, but user may receive the following error message. Issue: During installation of an SSL Certificate on a Tomcat/jBoss system you may get the following error using keytool: Error: “java.lang.Exception: Input not an X.509 certificate.” Causes: The cause of this error can happen for any of the following reasons. Your version of Tomcat keytool will not accept a pkcs7/.p7b format certificate. The certificate that you are […]

Read More

JBoss HTTP – SSL Installation

JBoss Http is a very custom environment and your system may differ. Below are generalized instructions. If you have a custom installation, you will need to adjust these instructions appropriately. Like the majority of server systems you will install your SSL certificate on the same server where your Certificate Signing Request (CSR) was created. Your private key will always be left on the server system where the CSR was originally created. Your SSL certificate will not work without this private key file. We will assume that this is the original system. To install your SSL certificate On JBoss Http perform the following. Step 1: Downloading your SSL Certificate & its Intermediate CA certificate: If you had the option of server type during […]

Read More

JBoss Tomcat – CSR Instructions

To generate a Certificate Signing Request (CSR) you will first need to create a keystore for your JBoss  Tomcat server. JBoss Tomcat uses keystores for its certificate web server configurations. If you lose your keystore file or your password to access it. your SSL Certificate will no longer match and you will need to replace the certificate. Note: JBoss is a very custom environment and your system may differ. Below are generalized instructions. The naming conventions of of the files and alias names used can be specified to fit your own environment.  You will need to adjust these instructions appropriately. In order to generate a keystore for your JBoss Tomcat system perform the following instructions listed below. Step 1: Create a Keystore: […]

Read More

JBoss Tomcat X509 – SSL Installation

Like the majority of server systems you will install your SSL certificate on the same server or keystore  where your Certificate Signing Request (CSR) was created. Your private key will always be left on and inside the  server system and keystore where the CSR was originally created. Your SSL certificate will not work without original keystore file. We will assume that this is the original system. JBoss is a very customization environment below are generalized instructions, you will have to adapt these instructions to your own environment. If you lose your keystore file or your password to access it. your SSL Certificate will no longer match and you will need to replace the certificate. In order to install your X509 SSL […]

Read More

JBoss Tomcat using pkcs7 – SSL Installation

Like the majority of server systems you will install your SSL certificate on the same server or keystore  where your Certificate Signing Request (CSR) was created. Your private key will always be left on and inside the  server system and keystore where the CSR was originally created. Your SSL certificate will not work without original keystore file. We will assume that this is the original system. JBoss is a very customization environment below are generalized instructions, you will have to adapt these instructions to your own environment. If you lose your keystore file or your password to access it. your SSL Certificate will no longer match and you will need to replace the certificate. In order to install your JBoss Tomcat pkcs7 SSL […]

Read More

JBoss HTTP Server – CSR Instructions

To generate a Certificate Signing Request (CSR), a key pair must be created for the server. These two items are a public key and a private key pair and cannot be separated. JBoss HTTP Server (Apache) is a very custom environment and your system may differ. Below are generalized instructions. The utility “openssl” is used to generate the key and CSR. This utility comes with the OpenSSL package and is usually installed under /usr/local/ssl/bin. If you have a custom installation, you will need to adjust these instructions appropriately. To generate a CSR on JBoss HTTP Server  perform the following. Step 1: Generating your private key pair: On the Apache system type the following command at the prompt. openssl genrsa -des3 -out <private key file […]

Read More

Java Keytool Commands

Keytool is a tool used by Java systems to configure and manipulate Keystores. The following are a list of  commands that allow you to generate a new Java  keystore file, create a CSR, import certificates, convert, and check keystores. The Italic parts in the conversions below are examples of you own files, or your own unique naming conventions. Keep track of all your files, alias’s, and passwords. Generating: Generate a Java keystore and key pair: keytool -genkey -alias mydomain -keyalg RSA -keystore keystore.jks -keysize 2048 Generate a certificate signing request (CSR) for an existing Java keystore:  keytool -certreq -alias mydomain -keystore keystore.jks -file mydomain.csr Generate a keystore and self-signed certificate: keytool -genkey -keyalg RSA -alias selfsigned -keystore keystore.jks -storepass password -validity […]

Read More