+ Start a Discussion
michael tangmichael tang 

Salesforce client certificate authentication


I downloaded the salesforce client certificate from salesforce website, but when I use keytool to import this certificate to keystore. the error message comes as below.

keytool -import -alias sforce -file sfdc_client.cert -keystore trust.keystore
Enter keystore password:  tangquan
keytool error: java.lang.Exception: Input not an X.509 certificate

but it is successful with the verisign public certificate. the salesforce certificate ends with cert file extension, but verisign's ends with cer file extension. It will be helpful if you guys provide information on this.

I am also experiencing this problem. I got stuck here since I am trying to use CXF to access the web services API. Does anyone have this working?

Sorry, it seems I do not need to go down this path if all I want to do is make webservice API calls to SalesForce.com. I will raise a new topic for my problem.


There is another thread on this that says the solution is to convert the SSL cert to the X.509 format.

One easy way to do this is import it into Firefox, and then export it.

In firefox, go to Tools, options, Advanced, Encryption, click View Certificates.

Import a Server certificate.

Then export, and the default format is PEF, or x.509.




Hi Michael,


I got .pfx certificate from client . When I tried to upload the certificate in salesforce . I got the same error . 

Please let me know if you have solution for this . 





Hey Ankit,


Were you able to resolve this issue?