Input not an X.509 certificate" error when trying to import SAML certificate
- Article Type: General
- Product: Alma
Problem Symptoms:
When crating a certificate file from SAML metadata and trying to import the certificate to a JKS file (according to the instructions in the SAML > Certificate Management section of the Alma Administration Guide), the following error is received:
"keytool error: java.lang.Exception: Input not an X.509 certificate"
The certificate file does include -----BEGIN CERTIFICATE----- at the beginning and -----END CERTIFICATE----- at the end.
Cause:
The certificate was copied directly from the Metadata output in the browser and does not include the appropriate line breaks.
Resolution:
Right-click on the Metadata output in the browser and select "View page source" or "View source" (depending on the browser). Copy the certificate from there instead.
Additional Information
If the certificate contains a "chain of trust", all of the root certificates must be imported as well. See pages 28-30 of the Alma Administration Guide.
- Article last edited: 7/3/2014