Importing SSL certificates throws IOException
Platform Notice: Data Center - This article applies to Atlassian products on the Data Center platform.
Note that this knowledge base article was created for the Data Center version of the product. Data Center knowledge base articles for non-Data Center-specific features may also work for Server versions of the product, however they have not been tested. Support for Server* products ended on February 15th 2024. If you are running a Server product, you can visit the Atlassian Server end of support announcement to review your migration options.
*Except Fisheye and Crucible
Summary
The Java runtime might throw a general import error in certain cases when using the keytool command-line utility.
Diagnosis
Running the following import command for an existing certificate file:
keytool -importcert -alias your.alias.here -keystore /PATH/TO/cacerts -file certificate.pem
Results in one of the following errors:
keytool error: java.io.IOException: DerValue.getBigIntegerInternal, not expected 48
OR
Warning: use -cacerts option to access cacerts keystore
keytool error: java.security.KeyStoreException: Unrecognized keystore format. please load it with a specified type
Cause
Java's truststore is corrupt, and the keytool utility is unable to complete the import.
Solution
- Download a fresh copy of the JRE.
- Extract a valid copy of cacerts from the downloaded archive.
- Import the certificate into the new truststore.
- Replace the corrupt old cacerts with the new one.
- The keytool utility used for the import must come from the same JRE version as the corrupt truststore.
- Make sure to update the cacerts file ownership after overwriting the old one.
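The replacement step above can be guarded with a format check so that a non-keystore file is never swapped in. The following is an added example, not Atlassian's code; the function names and the `.corrupt.bak` suffix are assumptions. It classifies a file by its leading bytes (the 48 in the first error message is the decimal value of the DER SEQUENCE tag, 0x30) and replaces the truststore in place while keeping a backup.

```bash
# Added example, not Atlassian's code. Function names and the .corrupt.bak
# suffix are assumptions made for this sketch.

# Classify a file by its leading bytes. The body runs in a subshell, so the
# variables stay local under any POSIX shell.
keystore_format() (
  hex=$(head -c 8 "$1" | od -An -tx1 | tr -d ' \n')
  case "$hex" in
    feedfeed*) echo JKS ;;        # JKS magic number
    cececece*) echo JCEKS ;;      # JCEKS magic number
    2d2d2d2d*) echo PEM ;;        # "----": PEM text, not a keystore
    30??*)                        # DER SEQUENCE, tag 0x30 = 48
      len=$((0x$(printf %s "$hex" | cut -c3-4)))
      skip=0
      # Long-form length: the low 7 bits give the number of length bytes.
      if [ "$len" -gt 128 ]; then skip=$((len - 128)); fi
      start=$(( (2 + skip) * 2 + 1 ))
      inner=$(printf %s "$hex" | cut -c"$start"-"$((start + 1))")
      case "$inner" in
        02) echo PKCS12 ;;        # a PFX starts with an INTEGER version
        *)  echo DER_OTHER ;;     # e.g. a bare DER certificate
      esac ;;
    *) echo UNKNOWN ;;
  esac
)

# Swap NEW into OLD's path, keeping the corrupt file as OLD.corrupt.bak.
replace_truststore() (
  new=$1; old=$2
  fmt=$(keystore_format "$new")
  case "$fmt" in
    JKS|JCEKS|PKCS12) ;;
    *) echo "refusing: $new is $fmt, not a keystore" >&2; exit 1 ;;
  esac
  cp -p "$old" "$old.corrupt.bak" || exit 1
  # Writing into the existing file keeps its owner and mode.
  cat "$new" > "$old" || exit 1
)
```

Running `keystore_format` on the existing cacerts also helps confirm the diagnosis. As a final check, load the new file with `keytool -list -keystore` from the matching JRE before swapping it in.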