openSSL generated crt file return error when i want to import it using keytool

classic Classic list List threaded Threaded
3 messages Options
Reply | Threaded
Open this post in threaded view
|

openSSL generated crt file return error when i want to import it using keytool

legolas
Hi
Thank you for reading my post
I have signed a private key using open ssl, the command i used is like:

openssl ca  -out server.crt -infiles server.csr

now when i try to import it into keystore.jks using java keytool it return an error like:


keytool -import -v -trustcacerts -alias server -keystore keystore.jks -keypass adminadmin -storepass changeit -file server.crt
keytool error: java.security.cert.CertificateParsingException: invalid DER-encoded certificate data



can you please tell me what is wrong?



thanks
Reply | Threaded
Open this post in threaded view
|

Re: openSSL generated crt file return error when i want to import it using keytool

legolas
legolas wrote
Hi
Thank you for reading my post
I have signed a private key using open ssl, the command i used is like:

openssl ca  -out server.crt -infiles server.csr

now when i try to import it into keystore.jks using java keytool it return an error like:


keytool -import -v -trustcacerts -alias server -keystore keystore.jks -keypass adminadmin -storepass changeit -file server.crt
keytool error: java.security.cert.CertificateParsingException: invalid DER-encoded certificate data



can you please tell me what is wrong?



thanks

Any comment for me?
Reply | Threaded
Open this post in threaded view
|

Re: openSSL generated crt file return error when i want to import it using keytool

Marek.Marcola
Hello,

> > Thank you for reading my post
> > I have signed a private key using open ssl, the command i used is like:
> >
> > openssl ca  -out server.crt -infiles server.csr
> >
> > now when i try to import it into keystore.jks using java keytool it return
> > an error like:
> >
> >
> > keytool -import -v -trustcacerts -alias server -keystore keystore.jks
> > -keypass adminadmin -storepass changeit -file server.crt
> > keytool error: java.security.cert.CertificateParsingException: invalid
> > DER-encoded certificate data
> >
> >
> >
> > can you please tell me what is wrong?
> >
> >
> >
> > thanks
> >
> >
>
>
> Any comment for me?
OpenSSL adds some human-readable info about certificate when signing.
This info is added at the beginning of generated certificate.
Some systems (Windows) do not like this information.
Try to remove any text until "---- BEGINIG ..." clause
to get "plain" PEM file.
If this will not work you may try to convert this PEM file to DER
format:
        openssl x509 -in server.crt -out server.der -outform DER
and then check again.

Best regards,
--
Marek Marcola <[hidden email]>

______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    [hidden email]
Automated List Manager                           [hidden email]