Topic
  • 3 replies
  • Latest Post - ‏2013-05-31T17:36:11Z by HermannSW
FrankX.Ning
FrankX.Ning
47 Posts

Pinned topic Datapower XI520: root-ca-cert.pem can not be installed into Java cert-store: Input not an X.509 certificate

‏2013-05-26T11:52:34Z |

Hello,

I tried to install the root-ca-cert.pem from the ResourceKit.5000 for XI520 into the Java certificate store inside RAD 803. I got the "Input not an X.509 certificate" error from the keytool:

C:\IBM\SDP\jdk\bin>keytool -import -alias dproot -file root-ca-cert.pem -keystore cacerts
Enter keystore password:
Re-enter new password:
keytool error: java.lang.Exception: Input not an X.509 certificate

Any advice?

Frank

  • HermannSW
    HermannSW
    6207 Posts

    Re: Datapower XI520: root-ca-cert.pem can not be installed into Java cert-store: Input not an X.509 certificate

    ‏2013-05-28T16:02:50Z  

    Hi Frank,

    I just looked on RessourceKit CD for my XI52.

    Just to make sure your CD is fine, do you get the same sums for your file?

    $ md5sum root-ca-cert.pem
    2b7fafcd7ff0f3fde4bbc0e87f1db3a1  root-ca-cert.pem
    $ sha1sum root-ca-cert.pem
    237edd7d2c2f33a5a988a5227192ef9c258ee057  root-ca-cert.pem
    $

     

    Hermann<myXsltBlog/> <myXsltTweets/> <myCE/>

  • FrankX.Ning
    FrankX.Ning
    47 Posts

    Re: Datapower XI520: root-ca-cert.pem can not be installed into Java cert-store: Input not an X.509 certificate

    ‏2013-05-31T08:59:11Z  
    • HermannSW
    • ‏2013-05-28T16:02:50Z

    Hi Frank,

    I just looked on RessourceKit CD for my XI52.

    Just to make sure your CD is fine, do you get the same sums for your file?

    $ md5sum root-ca-cert.pem
    2b7fafcd7ff0f3fde4bbc0e87f1db3a1  root-ca-cert.pem
    $ sha1sum root-ca-cert.pem
    237edd7d2c2f33a5a988a5227192ef9c258ee057  root-ca-cert.pem
    $

     

    Hermann<myXsltBlog/> <myXsltTweets/> <myCE/>

    Hi Herman,

    Thanks for your response.

    It looks like there is no corruption issue with the file. Here are what I got:

    $ md5sum root-ca-cert.pem
    2b7fafcd7ff0f3fde4bbc0e87f1db3a1 *root-ca-cert.pem
     

    $ sha1sum root-ca-cert.pem
    237edd7d2c2f33a5a988a5227192ef9c258ee057 *root-ca-cert.pem
     

  • HermannSW
    HermannSW
    6207 Posts

    Re: Datapower XI520: root-ca-cert.pem can not be installed into Java cert-store: Input not an X.509 certificate

    ‏2013-05-31T17:36:11Z  

    Hi Herman,

    Thanks for your response.

    It looks like there is no corruption issue with the file. Here are what I got:

    $ md5sum root-ca-cert.pem
    2b7fafcd7ff0f3fde4bbc0e87f1db3a1 *root-ca-cert.pem
     

    $ sha1sum root-ca-cert.pem
    237edd7d2c2f33a5a988a5227192ef9c258ee057 *root-ca-cert.pem
     

    Hi Frank,

    if the cert would be broken, Openssl would tell you -- but as you can see below everything is fine.

    I see you use the IBM JDK keytool.

    Either you call it incorrectly (I don't know), of that keytool is broken (not sure how you could create a PMR then).
     

    $ openssl x509 -in root-ca-cert.pem -text -noout
    Certificate:
        Data:
            Version: 3 (0x2)
            Serial Number: 1 (0x1)
            Signature Algorithm: sha1WithRSAEncryption
            Issuer: C=US, O=IBM, OU=WebSphere Appliances, CN=Root CA
            Validity
                Not Before: Oct 27 20:55:53 2009 GMT
                Not After : Jan  1 00:00:00 2038 GMT
            Subject: C=US, O=IBM, OU=WebSphere Appliances, CN=Root CA
            Subject Public Key Info:
                Public Key Algorithm: rsaEncryption
                    Public-Key: (2048 bit)
                    Modulus:
                        00:bc:fe:ff:5e:a3:3e:78:27:be:ab:58:49:18:7c:
    ...

    ...
            71:b7:eb:c2:ca:6f:20:94:c0:4b:16:75:2e:45:50:2f:47:2c:
            9a:a6:8f:be
    $

     

    Hermann<myXsltBlog/> <myXsltTweets/> <myCE/>