Troubleshooting: Error: “java.lang.Exception: Input not an X.509 certificate.”

This Article consists of advanced troubleshooting to a very problematic issue that comes up with versions of Keytool when installing an SSL certificate. There can be numerous causes for this issue. By all normal means when following SSL Installation Instructions for Tomcat using pkcs7 or SSL Installation Instructions for Tomcat using x.509 the user should have a smooth installation, but user may receive the following error message. Issue: During installation of an SSL Certificate on a Tomcat/jBoss system you may get the following error using keytool: Error: “java.lang.Exception: Input not an X.509 certificate.” Causes: The cause of this error can happen for any of the following reasons. Your version of Tomcat keytool will not accept a pkcs7/.p7b format certificate. The certificate that you are […]

Read More

Keystore .jks Keytool – CSR Generation & SSL Installation Guide.

To generate a Certificate Signing Request (CSR) you will first need to create a keystore for your Oracle system. Oracle systems such as Tomcat or Web Logic use keystores for its certificate web server configurations. If you lose your keystore file or your password to access it your SSL Certificate will no longer match and you will need to replace the certificate. Note: Keystores created from an Oracle Keytool or Tomcat type environment can be heavily customized. Below are generalized instructions. The naming conventions of the files and alias names used can be specified to fit your own environment.  You will need to adjust these instructions appropriately. If you do not want to be thrown back into the stone age doing command line of a Keystore using keytool… […]

Read More

JBoss Tomcat – CSR Instructions

To generate a Certificate Signing Request (CSR) you will first need to create a keystore for your JBoss  Tomcat server. JBoss Tomcat uses keystores for its certificate web server configurations. If you lose your keystore file or your password to access it. your SSL Certificate will no longer match and you will need to replace the certificate. Note: JBoss is a very custom environment and your system may differ. Below are generalized instructions. The naming conventions of of the files and alias names used can be specified to fit your own environment.  You will need to adjust these instructions appropriately. In order to generate a keystore for your JBoss Tomcat system perform the following instructions listed below. Step 1: Create a Keystore: […]

Read More

JBoss Tomcat X509 – SSL Installation

Like the majority of server systems you will install your SSL certificate on the same server or keystore  where your Certificate Signing Request (CSR) was created. Your private key will always be left on and inside the  server system and keystore where the CSR was originally created. Your SSL certificate will not work without original keystore file. We will assume that this is the original system. JBoss is a very customization environment below are generalized instructions, you will have to adapt these instructions to your own environment. If you lose your keystore file or your password to access it. your SSL Certificate will no longer match and you will need to replace the certificate. In order to install your X509 SSL […]

Read More

Java Keytool Commands

Keytool is a tool used by Java systems to configure and manipulate Keystores. The following are a list of  commands that allow you to generate a new Java  keystore file, create a CSR, import certificates, convert, and check keystores. The Italic parts in the conversions below are examples of you own files, or your own unique naming conventions. Keep track of all your files, alias’s, and passwords. Generating: Generate a Java keystore and key pair: keytool -genkey -alias mydomain -keyalg RSA -keystore keystore.jks -keysize 2048 Generate a certificate signing request (CSR) for an existing Java keystore:  keytool -certreq -alias mydomain -keystore keystore.jks -file mydomain.csr Generate a keystore and self-signed certificate: keytool -genkey -keyalg RSA -alias selfsigned -keystore keystore.jks -storepass password -validity […]

Read More