tomcat-users mailing list archives

From Felix Schumacher <>
Subject Re: SSL Certificate formats, requirements for import into existing keystore
Date Thu, 07 Jul 2011 05:46:11 GMT

"Peterson, Tommy" <> wrote:

I have a keystore for an application that runs on Tomcat. People here introduced a load balancer
(LB) into the mix for this same application and therefore I have to use keytool to import
the LB's certificate into the existing keystore.

However, the key and the cert are in one file. According to the docs this is not an issue
(you can even concatenate them the docs say). So I just ran the keytool command and I continually
get an error message: "keytool error: java.lang.Exception: Input not an X.509 certificate"

The IT support folks said that this is the cert that was given to them by the hosting company
and that it can be installed successfully on Apache.

There is some "junk" ("bag attributes") in the file that I don't understand. I am used to just
KEY----- "-----END RSA PRIVATE KEY----- "

Any suggestions?




Hi Tommy,

Your file could be a pkcs12 file. Have you tried to use "keytool -importkeystore ..."?

Keytool -help should give you the needed parameters.

You need a recent java6 version for this to work.
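
Added example, not part of either message above: a shell sketch that tells apart the file kinds discussed in this thread (a binary file such as PKCS#12, a PEM bundle holding a key plus a certificate with "Bag Attributes" text, or a plain PEM certificate) and extracts only the certificate blocks. The file names, the alias `lb` and the sample bundle are constructed placeholders.

```shell
#!/bin/sh
# Added example. File names and the alias "lb" are placeholders.

# classify_bundle FILE: report what kind of file was handed over.
classify_bundle() {
    if ! grep -q '^-----BEGIN ' "$1"; then
        echo binary              # no PEM armor: PKCS#12 or DER
    elif grep -q '^-----BEGIN CERTIFICATE-----' "$1"; then
        if grep -q '^-----BEGIN .*PRIVATE KEY-----' "$1"; then
            echo pem-key-and-cert
        else
            echo pem-cert
        fi
    else
        echo pem-other
    fi
}

# pem_certs FILE: print only the CERTIFICATE blocks, dropping the
# "Bag Attributes" text and any private key.
pem_certs() {
    awk '/^-----BEGIN CERTIFICATE-----/ { keep = 1 }
         keep { print }
         /^-----END CERTIFICATE-----/   { keep = 0 }' "$1"
}

# make_sample FILE: write a constructed bundle (placeholder base64,
# not real key material) shaped like the file described in the question.
make_sample() {
    cat > "$1" <<'EOF'
Bag Attributes
    friendlyName: lb.example.test
Key Attributes: <No Attributes>
-----BEGIN RSA PRIVATE KEY-----
Q09OU1RSVUNURUQtUExBQ0VIT0xERVItS0VZ
-----END RSA PRIVATE KEY-----
Bag Attributes
    friendlyName: lb.example.test
subject=/CN=lb.example.test
-----BEGIN CERTIFICATE-----
Q09OU1RSVUNURUQtUExBQ0VIT0xERVItQ0VSVA==
-----END CERTIFICATE-----
EOF
}

# Next step per result (keytool itself is not run here):
#   binary            keytool -importkeystore -srckeystore bundle.p12 \
#                       -srcstoretype PKCS12 -destkeystore app.jks
#   pem-key-and-cert  pem_certs bundle.pem > lb-cert.pem, then as pem-cert
#   pem-cert          keytool -importcert -alias lb -file lb-cert.pem -keystore app.jks
```

Importing only the extracted certificate keeps the load balancer's private key out of the application keystore.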

