
RHEL : Certificate Import : Keystore error : Signed Fields invalid


I'm configuring Tomcat to use SSL/TLS 1.2.

  1. So I started with setting up a keystore

    keytool -genkey -keysize 2048 -keyalg RSA -alias hostname -keystore tomcat.jks

I provided the required details and passcode to create the keystore.

  2. I changed the keystore to pkcs12

    keytool -importkeystore -srckeystore tomcat.jks -destkeystore tomcat.p12 -deststoretype pkcs12

  3. Generated the certificate signing request

    keytool -keystore tomcat.p12 -certreq -alias hostname -keyalg rsa -file tomcat.csr

  4. Imported the SSL certificate with passcode

    keytool -importcert -file sslcert.pfx -alias hostname -keystore tomcat.p12 -storepass Xxxxxxxx

During the 4th step I got the error "keytool error: java.security.cert.CertificateParsingException: Signed fields invalid". The SSL certificate has its own password, but I'm not sure where the parsing error is. Any advice?


Solution

  • Converting the pfx certificate into .pem fixed the issue. The certificate was converted using the command below:

    openssl pkcs12 -in sslcert.pfx -out sslcert.pem -nodes
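
As an added example (not part of the original answer): `keytool -importcert` expects an X.509 certificate, while a `.pfx` file is a PKCS#12 container, so the two differ in their first inner DER element. The Python code below tells them apart before an import is attempted and also flags a cleartext private key in a PEM file, which is what `openssl pkcs12 -nodes` writes; the function names and sample bytes are constructed for illustration.

```python
import base64
import re

PEM_BLOCK = re.compile(rb"-----BEGIN ([A-Z0-9 ]+)-----\s*(.*?)-----END \1-----", re.S)
CLEAR_KEY_LABELS = {b"PRIVATE KEY", b"RSA PRIVATE KEY", b"EC PRIVATE KEY"}

# Constructed stubs (not real credentials): just enough DER to show the layout.
X509_STUB = bytes.fromhex("30053003020102")   # SEQUENCE { SEQUENCE { ... } }
PFX_STUB = bytes.fromhex("30050201033000")    # SEQUENCE { INTEGER 3, SEQUENCE {} }
PEM_STUB = (b"-----BEGIN PRIVATE KEY-----\nAAAA\n-----END PRIVATE KEY-----\n"
            b"-----BEGIN CERTIFICATE-----\n" + base64.b64encode(X509_STUB)
            + b"\n-----END CERTIFICATE-----\n")

def _tlv(buf, pos):
    """Return (tag, content_start, content_length) of the DER element at pos."""
    tag, first = buf[pos], buf[pos + 1]
    if first < 0x80:                          # short-form length
        return tag, pos + 2, first
    n = first & 0x7F                          # long form: n length bytes follow
    if not 1 <= n <= 4:
        raise ValueError("unsupported DER length")
    return tag, pos + 2 + n, int.from_bytes(buf[pos + 2:pos + 2 + n], "big")

def classify_der(der):
    """'x509' if the outer SEQUENCE starts with a SEQUENCE (tbsCertificate),
    'pkcs12' if it starts with INTEGER 3 (the PFX version), else 'unknown'."""
    try:
        tag, start, _ = _tlv(der, 0)
        if tag != 0x30:
            return "unknown"
        inner_tag, inner_start, inner_len = _tlv(der, start)
        if inner_tag == 0x30:
            return "x509"
        if inner_tag == 0x02 and der[inner_start:inner_start + inner_len] == b"\x03":
            return "pkcs12"
    except (IndexError, ValueError):
        pass                                  # truncated or non-DER input
    return "unknown"

def inspect(data):
    """Report container kind, PEM or DER encoding, and any cleartext key."""
    blocks = PEM_BLOCK.findall(data)
    certs = [body for label, body in blocks if label == b"CERTIFICATE"]
    if blocks:
        kind = classify_der(base64.b64decode(certs[0])) if certs else "unknown"
    else:
        kind = classify_der(data)
    cleartext = any(label in CLEAR_KEY_LABELS for label, _ in blocks)
    return {"kind": kind, "pem": bool(blocks), "cleartext_key": cleartext}
```

A result of `pkcs12` for the file passed to `-importcert` means it needs converting first, and `cleartext_key` being true means the PEM file should be protected like the key itself.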