Importing SSL certificates throws IOException

Platform Notice: Data Center Only - This article only applies to Atlassian products on the Data Center platform.

Note that this KB was created for the Data Center version of the product. Data Center KBs for non-Data-Center-specific features may also work for Server versions of the product, however they have not been tested. Support for Server* products ended on February 15th 2024. If you are running a Server product, you can visit the Atlassian Server end of support announcement to review your migration options.

*Except Fisheye and Crucible

Summary

Java runtime might throw a general import error in certain cases when using keytool command line utility.

Diagnosis

Running the following import command for an existing certificate file:

1 keytool -importcert -alias your.alias.here -keystore /PATH/TO/cacerts -file certificate.pem

Results in one of the following errors:

1 keytool error: java.io.IOException: DerValue.getBigIntegerInternal, not expected 48

OR

1 2 Warning: use -cacerts option to access cacerts keystore keytool error: java.security. KeyStoreException: Unrecognized keystore format. please load it with a specified type

Cause

Java's truststore is corrupt and keytool utility is not able to finish the import properly.

Solution

  • Download a fresh copy of JRE.

  • Extract a valid copy cacerts from the previously downloaded archive.

  • Import the certificate to the new truststore.

  • Replace the new cacerts with the corrupt old one.

  • Keytool utility used for import must be from the same JRE version the corrupt truststore comes from.

  • Make sure to update cacerts file ownership after overwriting the old one.

Updated on March 14, 2025
Platform
Data Center only
Product
Jira Software Data Center
On this pageSummaryDiagnosisCauseSolution

Still need help?

The Atlassian Community is here for you.
Ask the Community