keytool error: gnu.javax.crypto.keyring.MalformedKeyringException: incorrect magic

Document ID : KB000048333
Last Modified Date : 14/02/2018
Show Technical Document Details

Description:

Customer enables "https" by following the CA Performance Center Single Sign-On User Guide.pdf.

In the section below:

"Chapter 4: Using HTTPS with Single Sign-On->Set Up SSL Certificates->Generate and Import a Certificate->step 5", to import the self-signed certificate into the java trusted certificateskeystore.

As customer enters the default password for the cacerts keystore "changeit", the following error is thrown:

# keytool -import -keystore /opt/CA/jre/lib/security/cacerts -file pc.crt -alias capc
Enter key store password: changeit

keytool error: gnu.javax.crypto.keyring.MalformedKeyringException: incorrect magic

Solution:

The server probably has more than one keytool, in this case you will need to specify the pull path of the correct keytool. To see the list of all keytools, please issue the command below:

find -name keytool

This will list all keytools. The correct one for the procedure described in the SSO guide is:

/opt/CA/jre/bin/keytool

So for example you want to issue the command below instead:

/opt/CA/jre/bin/keytool -import -keystore /opt/CA/jre/lib/security/cacerts -file pc.crt -alias capc