[prev in list] [next in list] [prev in thread] [next in thread] 

List:       tomcat-user
Subject:    Re: Error While importing certificate into keystore
From:       Christopher Schultz <chris () christopherschultz ! net>
Date:       2022-06-28 16:25:29
Message-ID: 87a7f6f4-2090-7d59-d0d3-630f36d03c4d () christopherschultz ! net
[Download RAW message or body]

Mohan,

On 6/28/22 09:54, Mohan T wrote:
> I am trying top import the certificate into keystore and encountered the 
> below error.
> 
> Would appreciate if you could throw some light on this
> 
> $ keytool -importkeystore -srckeystore /home/ilas/Downloads/okta.cert 
> -srcstoretype pkcs12 -destkeystore /home/ilas/Downloads/keystore.jks 
> -deststoretype JKS
> 
> Importing keystore /home/ilas/Downloads/okta.cert to 
> /home/ilas/Downloads/keystore.jks...
> 
> Enter destination keystore password:
> 
> Enter source keystore password:
> 
> keytool error: java.io.IOException: toDerInputStream rejects tag type 45

Open your okta.cert file in notepad/less or similar. Does it look like this?

-----BEGIN CERTIFICATE-----
[stuff]
-----END CERTIFICATE-----

If so, then you want to do this:

$ keytool -importcert -keystore /home/ilas/Downloads/keystore.jks -alias 
'Okta 2022' < /home/ilas/Downloads/okta.cert

The cert may be in DER format which is just the same format but not 
using base64-encoding with the -----BEGIN and -----END wrapper around 
it. keytool can read that type of cert as well using the command above.

If you aren't super comfortable with keystores, PEM and/or DER files, 
etc. then I would suggest that you use a tool that can help you manage 
these things that will help you avoid mistakes such as Keystore Explorer:
https://keystore-explorer.org/

-chris

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org

[prev in list] [next in list] [prev in thread] [next in thread]