Keytool error: Input not an x.509 cert
843810Jan 26 2002 — edited Jan 27 2002We ran into this problem when we try to import Verisign's new 128-bit Secure Site Pro and Commerce Site Pro (Global ID)Certificate. We don't have problem
with Verisign's 40-bit or older version of 128-bit certificate.
Their customer support people I talked to insisted the certificate conform to X509 standard and referred me to Sun.
Verisign has updated the Global Root Certificate recently in their Global ID which shouldn't affect the format, I think.
One other thing puzzled me is that I can't open the certificate through right-mouse-click "Open" menu on NT/W2K. The error dialog box said that "This is an Invalid Certificate". I don't have problem to open Verisign's 40-bit or older version of 128-bit certificate.
we have. Verisign's custom support referred me to Microsoft.
The command I used is something like the following:
keytool -import -trustcacerts -alias mykey -file
mycert.cer -keystore mykeystore
It will be very appreciated if some one can help
answering the following questions for us:
(1) How to tell if a certificate conforms to X509 format or not?
(2) How to tell the format of a certificate?
(3) Is keytool from jdk 1.3 compatible/workable with
Verisign's new Global ID certificate?
(I tried keytool from jdk 1.4 and it didn't work either.)
(4) Has anyone run into this problem lately?
Thankss,
tienliu_us@yahoo.com