Topic
3 replies Latest Post - ‏2013-05-31T17:36:11Z by HermannSW
FrankX.Ning
FrankX.Ning
26 Posts
ACCEPTED ANSWER

Pinned topic Datapower XI520: root-ca-cert.pem can not be installed into Java cert-store: Input not an X.509 certificate

‏2013-05-26T11:52:34Z |

Hello,

I tried to install the root-ca-cert.pem from the ResourceKit.5000 for XI520 into the Java certificate store inside RAD 803. I got the "Input not an X.509 certificate" error from the keytool:

C:\IBM\SDP\jdk\bin>keytool -import -alias dproot -file root-ca-cert.pem -keystore cacerts
Enter keystore password:
Re-enter new password:
keytool error: java.lang.Exception: Input not an X.509 certificate

Any advice?

Frank

  • HermannSW
    HermannSW
    3144 Posts
    ACCEPTED ANSWER

    Re: Datapower XI520: root-ca-cert.pem can not be installed into Java cert-store: Input not an X.509 certificate

    ‏2013-05-28T16:02:50Z  in response to FrankX.Ning

    Hi Frank,

    I just looked on RessourceKit CD for my XI52.

    Just to make sure your CD is fine, do you get the same sums for your file?

    $ md5sum root-ca-cert.pem
    2b7fafcd7ff0f3fde4bbc0e87f1db3a1  root-ca-cert.pem
    $ sha1sum root-ca-cert.pem
    237edd7d2c2f33a5a988a5227192ef9c258ee057  root-ca-cert.pem
    $

     

    Hermann<myXsltBlog/> <myXsltTweets/> <myCE/>

    • FrankX.Ning
      FrankX.Ning
      26 Posts
      ACCEPTED ANSWER

      Re: Datapower XI520: root-ca-cert.pem can not be installed into Java cert-store: Input not an X.509 certificate

      ‏2013-05-31T08:59:11Z  in response to HermannSW

      Hi Herman,

      Thanks for your response.

      It looks like there is no corruption issue with the file. Here are what I got:

      $ md5sum root-ca-cert.pem
      2b7fafcd7ff0f3fde4bbc0e87f1db3a1 *root-ca-cert.pem
       

      $ sha1sum root-ca-cert.pem
      237edd7d2c2f33a5a988a5227192ef9c258ee057 *root-ca-cert.pem
       

      • HermannSW
        HermannSW
        3144 Posts
        ACCEPTED ANSWER

        Re: Datapower XI520: root-ca-cert.pem can not be installed into Java cert-store: Input not an X.509 certificate

        ‏2013-05-31T17:36:11Z  in response to FrankX.Ning

        Hi Frank,

        if the cert would be broken, Openssl would tell you -- but as you can see below everything is fine.

        I see you use the IBM JDK keytool.

        Either you call it incorrectly (I don't know), of that keytool is broken (not sure how you could create a PMR then).
         

        $ openssl x509 -in root-ca-cert.pem -text -noout
        Certificate:
            Data:
                Version: 3 (0x2)
                Serial Number: 1 (0x1)
                Signature Algorithm: sha1WithRSAEncryption
                Issuer: C=US, O=IBM, OU=WebSphere Appliances, CN=Root CA
                Validity
                    Not Before: Oct 27 20:55:53 2009 GMT
                    Not After : Jan  1 00:00:00 2038 GMT
                Subject: C=US, O=IBM, OU=WebSphere Appliances, CN=Root CA
                Subject Public Key Info:
                    Public Key Algorithm: rsaEncryption
                        Public-Key: (2048 bit)
                        Modulus:
                            00:bc:fe:ff:5e:a3:3e:78:27:be:ab:58:49:18:7c:
        ...

        ...
                71:b7:eb:c2:ca:6f:20:94:c0:4b:16:75:2e:45:50:2f:47:2c:
                9a:a6:8f:be
        $

         

        Hermann<myXsltBlog/> <myXsltTweets/> <myCE/>