0 Replies Latest reply on Jun 13, 2018 6:58 AM by Sieb_Cloud

    Importing Certificate error "Input not an X.509 certificate"

    Sieb_Cloud

      Hello Team,

       

      We have created CSR (Certificate Request Generation), as per below commands, for each server(we have 4 servers)

      1) KEYSTORE GENERATION for serverapp1

      keytool -genkey -alias siebelapp1 -keystore F:\certs\keystore\siebelkeystore.jks -keyalg RSA -sigalg SHA1withRSA -dname "CN=serverhost.domain, C=AU, L=Melbourne, ST=Victoria, O=ABC"

       

       

      2) GENERATOING CSR for serverapp1

      keytool -certreq -alias siebelapp1 -keystore F:\certs\keystore\siebelkeystore.jks -file F:\certs\keystore\siebelkeystoreapp1.csr

       

      And sent it to our security team to sign it with proper CA and send us back, along with root CA certificate

      > We received four CA root certificate, one  for each server. As per my understanding, root certificate should be only one? But I don't have much idea on this subject, please suggest.

      > We received four CSR signed certificate in .csr format

       

      3) IMPORT CERTIFICATES (RROT & CSR Signed) in JKS

      a) keytool -importcert -alias ca -file c:\ca\caroot.cer -keystore c:\keys\siebelkeystore.jks   ----> ROOT CA CERT

      b) keytool -importcert -alias siebel -file c:\keys\siebelkeystoreCASigned.cer -keystore c:\keys\siebelkeystore.jks   ----> CSR SIGNED CERT

       

      Issue:

      A] We were able to import first Root CA certificate successfully, but it throws below error, while importing second RootCA certificate

      this certificate is already in the keystore under <aliasname>. Do you want to overwrite it ?

      What should we do here?

       

      B] While importing CSR signed certificate, received error

      java.lang.exception input not an x.509 certificate

      Please help to understand the cause of above two issue, and its solution.

       

      Thanks,

      Shilpi