Problem on importing certificate to *.jks file
Hi,
I done the initial steps to create a certificate. Sent it to CA to authorized it and got it sent back. Anyway, when i tried to import the *.crt file i received into the *.jks file, i received the below error.
java.io.EOFException
at java.io.DataInputStream.readFully(Unknown Source)
at java.io.DataInputStream.readFully(Unknown Source)
at sun.security.util.DerValue.init(Unknown Source)
at sun.security.util.DerValue.<init>(Unknown Source)
at sun.security.provider.X509Factory.parseX509orPKCS7Cert(Unknown Source)
at sun.security.provider.X509Factory.engineGenerateCertificates(Unknown Source)
at java.security.cert.CertificateFactory.generateCertificates(Unknown Source)
at sun.security.tools.KeyTool.installReply(Unknown Source)
at sun.security.tools.KeyTool.doCommands(Unknown Source)
at sun.security.tools.KeyTool.run(Unknown Source)
at sun.security.tools.KeyTool.main(Unknown Source)
keytool error: java.security.cert.CertificateException
The command i type is also as below:
keytool -import -keystore mydomain.jks -alias mydomain.com -file mycertificate.crt
Hope that someone can help.
Btw, I do have another problem that i need some help also. Anyone done before trying to install a certificate (*.cer) imported from IIS and to install into a Java generic web server? Any clue? Thanks again.
[1423 byte] By [
stlowa] at [2007-11-26 21:41:00]
# 1
Well, it looks like keytool cannot parse the file correctly. Have you tried --
keytool -printcert -file mycertificate.crt
Sometimes, certificate file includes extra info that keytool does not accept. If your file looks like an ASCII file, the certificate should be the part between BEGIN CERTIFICATE and END CERTIFICATE (these 2 lines included).
# 2
Hi,
I tried the command you mentioned and i got this error.
java.io.EOFException
at java.io.DataInputStream.readFully(Unknown Source)
at java.io.DataInputStream.readFully(Unknown Source)
at sun.security.util.DerValue.init(Unknown Source)
at sun.security.util.DerValue.<init>(Unknown Source)
at sun.security.provider.X509Factory.parseX509orPKCS7Cert(Unknown Source)
at sun.security.provider.X509Factory.engineGenerateCertificates(Unknown Source)
at java.security.cert.CertificateFactory.generateCertificates(Unknown Source)
at sun.security.tools.KeyTool.doPrintCert(Unknown Source)
at sun.security.tools.KeyTool.doCommands(Unknown Source)
at sun.security.tools.KeyTool.run(Unknown Source)
at sun.security.tools.KeyTool.main(Unknown Source)
keytool error: java.lang.Exception: Failed to parse input
As you said, it failed to parse the input. Why is this happening and is there any way to import the cert in? The cert is is a form "BEGIN CERTIFICATE and END CERTIFICATE". So i guess the file is correct? Thanks.
# 3
Strange, have you tried reading the certificate with other tools (like openssl) or importing it into Firefox/IE?Since the certificate is meant to be publicized to the world. How about posting it here?
# 4
Hi,
Below is the certificate. Actually i am trying it out. So i do not mind posting it here.
--BEGIN CERTIFICATE--
MIIFbDCCBFSgAwIBAgIQFfM1DhC9d12qptr8zQIpQDANBgkqhkiG9w0BAQUFADCB
lzELMAkGA1UEBhMCVVMxCzAJBgNVBAgTAlVUMRcwFQYDVQQHEw5TYWx0IExha2Ug
Q2l0eTEeMBwGA1UEChMVVGhlIFVTRVJUUlVTVCBOZXR3b3JrMSEwHwYDVQQLExho
dHRwOi8vd3d3LnVzZXJ0cnVzdC5jb20xHzAdBgNVBAMTFlVUTi1VU0VSRmlyc3Qt
SGFyZHdhcmUwHhcNMDcwMzE1MDAwMDAwWhcNMDcwNDE0MjM1OTU5WjCB6TELMAkG
A1UEBhMCTVkxFTATBgNVBAgTDEt1YWxhIEx1bXB1cjESMBAGA1UEBxMJQ3liZXJq
YXlhMRAwDgYDVQQKEwdNYXliYW5rMRswGQYDVQQLExJNYXliYW5rIEUtQ29tbWVy
Y2UxLTArBgNVBAsTJFRFU1QgVVNFIE9OTFkgLSBOTyBXQVJSQU5UWSBBVFRBQ0hF
RDEhMB8GA1UECxMYUHJvdmlkZWQgYnkgSG9zdGxvb3AuY29tMREwDwYDVQQLEwhU
cmlhbFNTTDEbMBkGA1UEAxMSbWFsbC5tYXliYW5rMnUubmV0MIGfMA0GCSqGSIb3
DQEBAQUAA4GNADCBiQKBgQDmeSAoEm17W3rE/rdaSo2dMHpiI7lbeYlqQdC8Zsik
Zi+LZh/uUJjOwPjbDWtaAk4uMPy11vygZM/WVLVxrxTOYfnQJ4KXdofwupqVLJ3I
PUIHtbm/T3ugfwA9JHsBdZOiUD0xnkqy92cnAhrjW1q7MbbfpHETKGMbziVY+v6L
CwIDAQABo4IB4jCCAd4wHwYDVR0jBBgwFoAUoXJfJhsomEOVXQc31YWWnUvSw0Uw
HQYDVR0OBBYEFM5VGfVf7N8XVUBcOnEZefRgMB8wMA4GA1UdDwEB/wQEAwIFoDAM
BgNVHRMBAf8EAjAAMB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjARBglg
hkgBhvhCAQEEBAMCBsAwRgYDVR0gBD8wPTA7BgwrBgEEAbIxAQIBAwQwKzApBggr
BgEFBQcCARYdaHR0cHM6Ly9zZWN1cmUuY29tb2RvLm5ldC9DUFMwewYDVR0fBHQw
cjA4oDagNIYyaHR0cDovL2NybC5jb21vZG9jYS5jb20vVVROLVVTRVJGaXJzdC1I
YXJkd2FyZS5jcmwwNqA0oDKGMGh0dHA6Ly9jcmwuY29tb2RvLm5ldC9VVE4tVVNF
UkZpcnN0LUhhcmR3YXJlLmNybDCBhgYIKwYBBQUHAQEEejB4MDsGCCsGAQUFBzAC
hi9odHRwOi8vY3J0LmNvbW9kb2NhLmNvbS9VVE5BZGRUcnVzdFNlcnZlckNBLmNy
dDA5BggrBgEFBQcwAoYtaHR0cDovL2NydC5jb21vZG8ubmV0L1VUTkFkZFRydXN0
U2VydmVyQ0EuY3J0MA0GCSqGSIb3DQEBBQUAA4IBAQAGC5DA4SXiHKg+8m2+SxqG
JOOLmT5NkISozdD6m/5/lW5jVfgYmkxUaMvGTP3qjFAJA180NQPoRvT00QbmdxJD
nrA3xonHHtGfO+fuJrq2a67JXK0wC8nyFqnGJ2ItbV9xg1YQmEkGbMcfUgIGKO+r
fiIHpfAAUuu5tWeDfO+BRX2HYatK4eyz8tqWGsasY2LfJwoQJiUCyXpBW7WdRPYi
1AxoM8Om9WOj6TXKqOhHPNKci9aUAe0LpPw4LD52h6QJ+3UNJQCDUamBOj47knIM
oS+7ZvhWWhYK6LOCtaj1AJCS+mQ/KuUEe7CuHfHN3EPZqblDYY0bTa9dCiFyZjkE
--END CERTIFICATE--
I do not have other tools. Maybe i will download and try it out later and see how it goes. Thanks.
# 5
Strange, I can read it, using keytools from JDK 4, 5, 6, 7.
# 6
Hmmm.....I dunno where went wrong too. I used keytool from Java 2 Runtime Environment. Any difference?
I tried to use JDK 6 to read it, and i got this error again.
keytool error: java.security.cert.CertificateException: java.io.EOFException
I checked it on the internet and it said "Please double check there is no extra whitespace in the file." What does it mean? Sorry for all the trouble as i am a newbie in this. Thanks.
# 7
Please send a copy of your certificate as attachment (do not paste into mail content directly) to java-security@sun.com. Remember to write the subject line as "JAVASEC - your question".Also, please include the exact version number of your JRE, using java -version output.
