ColdFusion MX: Resolving the "Input not an X.509 certificate" error


The Java keytool may throw a "java.lang.Exception: Input not an X.509 certificate" error when trying to import a certificate into cacerts.


Certificates are generally imported into cacerts to make cfhttp or cfldap work with SSL. Instructions for importing a certifcate are in the Configuring Secure SSL Connection with LDAP Directory Server TechNote.


One way to ensure that the certificate being imported is in X.509 format is to create it using the following steps:

  1. Open the page that requires the certificate using https and double-click on the lock icon, which will open a certificate window.
  2. Select the Details tab.
  3. Click on the "Copy to file" button and click Next.
  4. Select the DER file format, which should be the default.
  5. Create the new file name [file name].cer and click Finish.
  6. Use the keytool to import this file.

Additional Information

Adobe logo

Sign in to your account