Issue

The Java keytool may throw a "java.lang.Exception: Input not an X.509 certificate" error when trying to import a certificate into cacerts.

Reason

Certificates are generally imported into cacerts to make cfhttp or cfldap work with SSL. Instructions for importing a certifcate are in the Configuring Secure SSL Connection with LDAP Directory Server TechNote.

Solution

One way to ensure that the certificate being imported is in X.509 format is to create it using the following steps:

  1. Open the page that requires the certificate using https and double-click on the lock icon, which will open a certificate window.
  2. Select the Details tab.
  3. Click on the "Copy to file" button and click Next.
  4. Select the DER file format, which should be the default.
  5. Create the new file name [file name].cer and click Finish.
  6. Use the keytool to import this file.

Additional Information

This work is licensed under a Creative Commons Attribution-Noncommercial-Share Alike 3.0 Unported License  Twitter™ and Facebook posts are not covered under the terms of Creative Commons.

Legal Notices   |   Online Privacy Policy