Hi,

I am using the OpenSSL to generate the RSA key file (client.pem) and
the X.509 Certificate file (clientCert.pem) through the following
commands.

1) OpenSSL>genrsa -out client.pem -des3 1024
2) OpenSSL>req -new -text -x509 -nodes -sha1 -days 365 -key client.pem
-out clientCert.pem

The clientCert.pem is as following:
Certificate:
Data:
Version: 3 (0x2)
.........
-----BEGIN CERTIFICATE-----
...........
-----END CERTIFICATE-----

Then I try to use the keytool to import the certificate into a
keystore file
>keytool -import -trustcacerts -alias clientCert -file clientCert.pem -keypass abc123

-keystore "C:\clientCert" -storepass abc456
I get the "keytool error: java.lang.Exception: Input not an X.509
certificate".

Then I delete all the text before "-----BEGIN CERTIFICATE-----" in the
clientCert.pem file and try the same keytool command and this time it
works.

Does anybody have the same experience and can you explain why it
happens like this? I think I do need the whole certificate file to be
imported into key store if possible.

Thanks,
Joanne