Re: Importing a cert from Thawte
I just solved my problem. Keytool seems to be very sensitive to white characters in the end of the certificate files. I _added_ a trailing return in my file and now it works. (Somewere on Thawtes site I read that you should _remove_ all blanks ...) A tip to people with the same problems as I had: Try adding/deleting trailing blanks/returns in your certificate reply file. /Mattias Arbin - Original Message - From: "Mattias Arbin" [EMAIL PROTECTED] To: "Orion-Interest" [EMAIL PROTECTED] Cc: [EMAIL PROTECTED] Sent: Friday, July 21, 2000 5:58 PM Subject: Importing a cert from Thawte I have now got a valid certificate from Thawte, (i.e a real one, not a test cert). I am now trying to import it into my keystore without success. I genereated my certificate request like this: keytool -genkey -keyalg "RSA" -alias myalias -keystore keystore -dname "cn=www.[mydomain].com, ou=[MyCompany], o=[My Company], c=SE, S=[Mystate], l=[mycity]" -validity 360 keytool -certreq -keyalg "RSA" -alias myalias -file www.[mycompany].com.csr -keystore keystore The only thing that differs from the Orion docs is that I use an alias 'myalias' instead of the default 'mykey'. When getting my certificate from Thawte I could choose from a number of formats. The two that seems to fit is 'Standard Certificate Format' (BASE64 encoded, DER encoded X.509v3 cert.) 'PKCS #7 Certificate Chain' ("Newer servers and development toolkits support "certificate chains". This format allows Thawte to deliver a full certificate chain to you, which in turn makes for superior key management and flexibility.") When trying to import either one of the above I get: keytool -import -keystore keystore -file mythawtecert.cer -keyalg "RSA" -alias myalias -trustcacerts Enter keystore password: mypassword keytool error: java.lang.Exception: Input not an X.509 certificate After reading the docs on keytool, I am still not completely sure if to use "-alias myalias" so I tried that too: keytool -import -keystore keystore -file mythawtecert.cer -keyalg "RSA" -trustcacerts Enter keystore password: mypassword keytool error: java.security.cert.CertificateException: Unsupported encoding Does anybody have any idea what is going wrong here? Thanks, Mattias Arbin
RE: Importing a cert from Thawte
You have sent this to the wrong email address. -Original Message- From: Mattias Arbin [mailto:[EMAIL PROTECTED]] Sent: Friday, July 21, 2000 8:59 AM To: Orion-Interest; [EMAIL PROTECTED] Cc: [EMAIL PROTECTED] Subject: Importing a cert from Thawte I have now got a valid certificate from Thawte, (i.e a real one, not a test cert). I am now trying to import it into my keystore without success. I genereated my certificate request like this: keytool -genkey -keyalg "RSA" -alias myalias -keystore keystore -dname "cn=www.[mydomain].com, ou=[MyCompany], o=[My Company], c=SE, S=[Mystate], l=[mycity]" -validity 360 keytool -certreq -keyalg "RSA" -alias myalias -file www.[mycompany].com.csr -keystore keystore The only thing that differs from the Orion docs is that I use an alias 'myalias' instead of the default 'mykey'. When getting my certificate from Thawte I could choose from a number of formats. The two that seems to fit is 'Standard Certificate Format' (BASE64 encoded, DER encoded X.509v3 cert.) 'PKCS #7 Certificate Chain' ("Newer servers and development toolkits support "certificate chains". This format allows Thawte to deliver a full certificate chain to you, which in turn makes for superior key management and flexibility.") When trying to import either one of the above I get: keytool -import -keystore keystore -file mythawtecert.cer -keyalg "RSA" -alias myalias -trustcacerts Enter keystore password: mypassword keytool error: java.lang.Exception: Input not an X.509 certificate After reading the docs on keytool, I am still not completely sure if to use "-alias myalias" so I tried that too: keytool -import -keystore keystore -file mythawtecert.cer -keyalg "RSA" -trustcacerts Enter keystore password: mypassword keytool error: java.security.cert.CertificateException: Unsupported encoding Does anybody have any idea what is going wrong here? Thanks, Mattias Arbin
Importing a cert from Thawte
I have now got a valid certificate from Thawte, (i.e a real one, not a test cert). I am now trying to import it into my keystore without success. I genereated my certificate request like this: keytool -genkey -keyalg "RSA" -alias myalias -keystore keystore -dname "cn=www.[mydomain].com, ou=[MyCompany], o=[My Company], c=SE, S=[Mystate], l=[mycity]" -validity 360 keytool -certreq -keyalg "RSA" -alias myalias -file www.[mycompany].com.csr -keystore keystore The only thing that differs from the Orion docs is that I use an alias 'myalias' instead of the default 'mykey'. When getting my certificate from Thawte I could choose from a number of formats. The two that seems to fit is 'Standard Certificate Format' (BASE64 encoded, DER encoded X.509v3 cert.) 'PKCS #7 Certificate Chain' ("Newer servers and development toolkits support "certificate chains". This format allows Thawte to deliver a full certificate chain to you, which in turn makes for superior key management and flexibility.") When trying to import either one of the above I get: keytool -import -keystore keystore -file mythawtecert.cer -keyalg "RSA" -alias myalias -trustcacerts Enter keystore password: mypassword keytool error: java.lang.Exception: Input not an X.509 certificate After reading the docs on keytool, I am still not completely sure if to use "-alias myalias" so I tried that too: keytool -import -keystore keystore -file mythawtecert.cer -keyalg "RSA" -trustcacerts Enter keystore password: mypassword keytool error: java.security.cert.CertificateException: Unsupported encoding Does anybody have any idea what is going wrong here? Thanks, Mattias Arbin