I have created a certificate using OpenSSL:

openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout tls.key -out tls.crt -subj "/CN=nginxsvc/O=nginxsvc"

and then created a PKCS#12 file using OpenSSL:

openssl pkcs12 -export -in tls.crt -inkey tls.key -out tls.p12

and after that converted it to JKS using:

keytool -importkeystore -srckeystore tls.p12  -srcstoretype PKCS12  -destkeystore tls.jks  -deststoretype JKS

Now, when importing this JKS file through keytool like this:

keytool -import -noprompt -trustcacerts -alias "nginxsvc" -file tls.jks -keystore "C:\Program Files\Java\jdk1.8.0_152\jre\lib\security\cacerts"

I am getting:

keytool error: java.lang.Exception: Input not an X.509 certificate

1 Answer

The -import option needs a certificate file, not a JKS. Try:

keytool -import -noprompt -trustcacerts -alias "nginxsvc" -file tls.crt -keystore "C:\Program Files\Java\jdk1.8.0_152\jre\lib\security\cacerts"

4 Comments

What if I import the OpenSSL-generated certificate like this: keytool -import -file C:\Code_Base\Certificates\NGINX_150\tls.crt -storepass changeit -keystore "C:\Program Files\Java\jdk1.8.0_152\jre\lib\security\cacerts"? Then I don't need to convert the certificate. Is this approach also fine?
I did what you mentioned, but I am getting: 16:30:21,046 ERROR [org.keycloak.adapters.OAuthRequestAuthenticator] (http-/0.0.0.0:8080-1) failed to turn code into token: javax.net.ssl.SSLException: hostname in certificate didn't match: <135.250.138.150> != <nginxsvc>
Yes, you can import the certificate directly.
The certificate should be generated for an FQDN (example: xxx.yyy.com) and you should request this FQDN (xxx.yyy.com). You can use a short name such as nginxsvc if you want, but then you have to request it and not its IP address.
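
The hostname mismatch from the comments, reproduced offline as an added example (not part of the original answer or comments). It generates the question's CN-only certificate and a second one carrying a subjectAltName, then checks both against the name and the IP from the thread. Assumptions: the helper names `make_cert` and `cert_matches` and the file names are constructed, `-addext` needs OpenSSL 1.1.1 or later, and `openssl x509 -checkhost/-checkip` stands in for the Java client's hostname verifier.

```shell
#!/bin/sh
# Added example: names and IP are taken from the thread, file names are constructed.
workdir=$(mktemp -d)

# make_cert <basename> [subjectAltName value]
# Self-signed certificate with the same subject as in the question.
make_cert() {
    name=$1; san=$2
    set -- req -x509 -nodes -days 365 -newkey rsa:2048 \
        -keyout "$workdir/$name.key" -out "$workdir/$name.crt" \
        -subj "/CN=nginxsvc/O=nginxsvc"
    if [ -n "$san" ]; then
        set -- "$@" -addext "subjectAltName=$san"
    fi
    openssl "$@" 2>/dev/null
}

# cert_matches <basename> host|ip <value>
# Returns 0 only when openssl reports that the certificate covers the value.
cert_matches() {
    openssl x509 -in "$workdir/$1.crt" -noout "-check$2" "$3" 2>/dev/null \
        | grep -q "does match"
}

make_cert cn_only                                      # what the question generated
make_cert with_san "DNS:nginxsvc,IP:135.250.138.150"   # covers name and IP

for cert in cn_only with_san; do
    for target in "host nginxsvc" "ip 135.250.138.150"; do
        if cert_matches "$cert" $target; then
            result="match"
        else
            result="NO match"
        fi
        echo "$cert.crt vs $target: $result"
    done
done

# Whichever certificate the server presents is the file passed to
# keytool -import -file <cert>.crt, as in the answer above.
```

The CN-only certificate matches only when the client connects to `nginxsvc`; connecting by IP needs the address listed as an `IP:` entry in the subjectAltName, or the client has to request the name instead.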
