9

I am trying to import Gmails smtp certificate for use with Jira, but I get this error when importing using Javas keytool.

I used openssl to get the certificate, everything between ----Begin Certificate---- and ----End Certificate---- (inclusive). I also attempted to create an x.509 certificate using Windows Certificate Manager, but still get this error. I have verified that there are no extra whitespaces in the file.

I have seen many people with this problem online, but none of the solutions seem to work for me. Any help would be appreciated.

Thanks

Improve this question

3 Answers 3

Reset to default
16

openssl x509 -outform der -in foo.pem -out foo.der

Then use the DER-encoded output certificate.

Improve this answer
Sign up to request clarification or add additional context in comments.

4 Comments

I was really hoping this would work, but I jut keep getting the same error. Here is what I'm doing exactly. openssl s_client -connect smtp.gmail.com:465 I copy that to a file called gmail.pem openssl x509 -outform der -in gmail.pem -out gmail.der keytool -import -file pathTo/gmail.der -keystore pathTo/cacerts
This actually did work, I forgot the argument -trustcacerts when using keytool. Thanks for the help
@dbbooh01 the reason this probably worked is because -trustcacerts imports the standard root CAs from the distributed cacerts file. This would include the root CAs that were in the trust chain for Gmail.
@dbbooh01 : will you give me whole command you have entered. i have also write x509 -outform der -in gmail.pem -out gmail.der but it doesn't generate file gamil.der. where it generate file gmail.der ?
5

The answer is correct but be sure to INCLUDE the -----BEGIN CERTIFICATE----- and -----END CERTIFICATE----- in the copy/paste. This command will then work:

openssl x509 -outform der -in gmail.pem -out gmail.der

and then you do:

sudo keytool -import -file gmail.der -keystore $JAVA_HOME/jre/lib/security/cacerts -trustcacerts
Improve this answer

1 Comment

Yepp, this was the cause of my problem too
2

Unfortunately, openssl didn't work for me.

unable to load certificate 2740:error:0D0680A8:asn1 encoding routines:ASN1_CHECK_TLEN:wrong tag:./crypto/as n1/tasn_dec.c:1294: 2740:error:0D07803A:asn1 encoding routines:ASN1_ITEM_EX_D2I:nested asn1 error:./ crypto/asn1/tasn_dec.c:380:Type=X509_CINF 2740:error:0D08303A:asn1 encoding routines:ASN1_TEMPLATE_NOEXP_D2I:nested asn1 e rror:./crypto/asn1/tasn_dec.c:749:Field=cert_info, Type=X509 2740:error:0906700D:PEM routines:PEM_ASN1_read_bio:ASN1 lib:./crypto/pem/pem_oth .c:83:

Used this knowledge base and success followed.

https://knowledge.verisign.ch/support/code-signing-support/index?page=content&id=SO18659&actp=search&viewlocale=en_US&searchid=1343045026667

Improve this answer

Comments

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.