importing a local CA certificate into cacerts keystore

Kurt Yoder ktyopenjdk at
Thu Mar 31 20:11:56 UTC 2011

Hello all,

I'm trying to run Apache Archiva using OpenJDK, and authenticating off SSL-protected LDAP. This is throwing an exception " unable to find valid certification path to requested target". Since my LDAP server's SSL is signed using my local CA certificate, I presume this error effectively is telling me I need to import my local CA certificate into the OpenJDK keystore.

Following this reasoning I am attempting to import my root CA, but I can't figure out how to do it. I tried:

keytool -importcert -file /etc/ssl/certs/my-ca.pem -keystore /etc/ssl/certs/java/cacerts 

which gives me:

keytool error: java.lang.Exception: Input not an X.509 certificate

I also tried:

keytool -importkeystore -v -srckeystore /etc/ssl/certs/my-ca.pem -destkeystore /etc/ssl/certs/java/cacerts

but this gives me 

keytool error: Invalid keystore format Invalid keystore format

Searching on the internet, I see something that *looks* like what I want, but doesn't appear to work with openjdk's keytool:

eg "keytool -import -alias myCA -file my-ca.pem"

So does anyone have suggestions? Am I doing it wrong?

More information about the discuss mailing list