importing a local CA certificate into cacerts keystore
Kurt Yoder
ktyopenjdk at yoderhome.com
Thu Mar 31 20:11:56 UTC 2011
Hello all,
I'm trying to run Apache Archiva using OpenJDK, and authenticating off SSL-protected LDAP. This is throwing an exception "sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target". Since my LDAP server's SSL is signed using my local CA certificate, I presume this error effectively is telling me I need to import my local CA certificate into the OpenJDK keystore.
Following this reasoning I am attempting to import my root CA, but I can't figure out how to do it. I tried:
keytool -importcert -file /etc/ssl/certs/my-ca.pem -keystore /etc/ssl/certs/java/cacerts
which gives me:
keytool error: java.lang.Exception: Input not an X.509 certificate
I also tried:
keytool -importkeystore -v -srckeystore /etc/ssl/certs/my-ca.pem -destkeystore /etc/ssl/certs/java/cacerts
but this gives me
keytool error: java.io.IOException: Invalid keystore format
java.io.IOException: Invalid keystore format
at sun.security.provider.JavaKeyStore.engineLoad(JavaKeyStore.java:650)
at sun.security.provider.JavaKeyStore$JKS.engineLoad(JavaKeyStore.java:55)
at java.security.KeyStore.load(KeyStore.java:1201)
at sun.security.tools.KeyTool.loadSourceKeyStore(KeyTool.java:1560)
at sun.security.tools.KeyTool.doImportKeyStore(KeyTool.java:1603)
at sun.security.tools.KeyTool.doCommands(KeyTool.java:881)
at sun.security.tools.KeyTool.run(KeyTool.java:194)
at sun.security.tools.KeyTool.main(KeyTool.java:188)
Searching on the internet, I see something that *looks* like what I want, but doesn't appear to work with openjdk's keytool:
http://www.grok2.com/blog/2010/09/14/keytool-jarsigner-oddity-on-ubuntu-with-openjdk-version-6/
eg "keytool -import -alias myCA -file my-ca.pem"
So does anyone have suggestions? Am I doing it wrong?
More information about the discuss
mailing list