1

My reward in this life for past deeds is to provide admin for some very ancient applications running on Java 1.7 (mostly 1.7.0_79). After the last round of certificate updates the applications stopped talking to the CAS auth server (couldn't validate the CA cert). Unfortunately when I try to install the current CA certs, I get:

[[email protected] bin]# ./keytool -import -alias isrgrootx1 -file ~/isrg-root-x1-cross-signed.pem -keystore ../jre/lib/security/cacerts
Enter keystore password:
keytool error: java.lang.Exception: Input not an X.509 certificate

Openssl on the same box (CentOS 5.11) has no issue reading the file (4096 bit RSA + sha256). And I did check that the file contained only a single certificate. I've seen a number of posts here about the same error message:

Is this the end of the road or is there a way I can convince this version of Java to accept this certificate?

Improve this question
3
  • bypass the validation in your code until you find the solution. Not safe, but no headaches neither Commented Mar 8, 2021 at 18:39
  • Curiously I was already googling how to do that when you commented - unfortunately not yet finding a solution. Any pointers? Commented Mar 8, 2021 at 18:50
  • jdoodle.com/iembed/v0/aoD Commented Mar 8, 2021 at 20:38
Related questions
0
Error in importing Certificate?
9
keytool error: java.lang.Exception: Input not an X.509 certificate
9
java.lang.Exception: Input not an X.509 certificate :keytool error
Load 7 more related questions Show fewer related questions

0

Reset to default

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.