How to update root cacerts from Primary Hub to OC

Article ID: 378161

Products

  • DX Unified Infrastructure Management (Nimsoft / UIM)
  • CA Unified Infrastructure Management On-Premise (Nimsoft / UIM)
  • CA Unified Infrastructure Management SaaS (Nimsoft / UIM)

Issue/Introduction

We copied the cacerts from the Primary to the OC and ran the command and got this error:

E:\Nimsoft\jre\jre8u382b05\bin>keytool.exe -importcert -keystore cacerts -alias cacerts -storepass <password_removed> -file "c:\Users\<userid>\Desktop\Primary Hub CACERTS\cacerts" -trustcacerts

keytool error: java.lang.Exception: Input not an X.509 certificate

Environment

  • DX UIM 23.4
  • wasp

Resolution

Error: java.lang.Exception: Input not an X.509 certificate
The keytool command can import X.509 v1, v2, and v3 certificates, and PKCS#7 formatted certificate chains consisting of certificates of that type. 

The data to be imported must be provided either in binary encoding format or in printable encoding format (also known as Base64 encoding) as defined by the Internet RFC 1421 standard. 

In the latter case, the encoding must be bounded at the beginning by a string that starts with -----BEGIN, and bounded at the end by a string that starts with -----END.

Problems such as bad newline characters can also cause issues. You can check for hidden characters by copying the contents of the trusted certificates field into a file and then using "cat -vet mytrustedcerts.txt" to look for any hidden characters, or by pasting it into Notepad++ with the View option set to "Show All Characters."

Please request the certificate from your Security team. Do not try to import the actual certs file from the Primary hub. That will not work.

The command from the document in the KB Article you mentioned:

"c:\Program Files (x86)\Nimsoft\jre\<most_recent_java_jre_version>\bin\keytool.exe" -importcert -keystore cacerts -alias cacerts -storepass changeit -file <root_cert_path> -trustcacerts

The command that was run:

E:\Nimsoft\jre\jre8u382b05\bin>keytool.exe -importcert -keystore cacerts -alias cacerts -storepass changeit -file "c:\Users\<userid>\Desktop\Primary Hub CACERTS\cacerts" -trustcacerts

The cacerts file is a keystore, not a certificate.

We would be looking to import something like: root.cer
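A pre-check for the two failure modes described above (a keystore passed to -importcert, and hidden characters in a Base64-encoded certificate file), added here as an example and not taken from the original article or the product. The function names and the stub sample bytes are constructed for illustration; the check looks only at file structure and does not validate the certificate.

```python
import base64
import binascii
import re

# Leading magic bytes of Java keystores (a JRE 8 cacerts file is a JKS keystore).
KEYSTORE_MAGIC = {bytes.fromhex("feedfeed"): "jks", bytes.fromhex("cececece"): "jceks"}
PEM_BLOCK = re.compile(rb"-----BEGIN ([A-Z0-9 ]+)-----(.*?)-----END \1-----", re.S)
BASE64_BODY = re.compile(rb"[A-Za-z0-9+/=\r\n]*")
STUB_DER = bytes.fromhex("3082000430020500")  # constructed stub, shaped like a cert, not a real one


def to_pem(der: bytes) -> bytes:
    """Wrap DER bytes in the -----BEGIN/-----END printable encoding."""
    return b"-----BEGIN CERTIFICATE-----\n" + base64.encodebytes(der) + b"-----END CERTIFICATE-----\n"


def classify_der(data: bytes) -> str:
    """Tell a DER X.509 certificate from a PKCS#12 keystore by the first inner ASN.1 tag."""
    if len(data) < 4 or data[0] != 0x30:  # both formats open with a SEQUENCE
        return "unknown"
    header = 2 + (data[1] & 0x7F if data[1] & 0x80 else 0)  # tag octet + length octets
    kinds = {b"\x30": "der-certificate", b"\x02": "pkcs12-keystore"}
    return kinds.get(data[header:header + 1], "unknown")


def classify(data: bytes) -> str:
    """Classify the bytes of a file before passing it to keytool -importcert."""
    if data[:4] in KEYSTORE_MAGIC:
        return KEYSTORE_MAGIC[data[:4]] + "-keystore"
    match = PEM_BLOCK.search(data)
    if not match:
        return classify_der(data)
    label, body = match.groups()
    if data.startswith(b"\xef\xbb\xbf") or not BASE64_BODY.fullmatch(body):
        return "pem-hidden-characters"  # BOM, tabs, spaces or other stray bytes
    try:
        inner = classify_der(base64.b64decode(body))
    except binascii.Error:
        return "unknown"
    return "pem-certificate" if label == b"CERTIFICATE" and inner == "der-certificate" else "unknown"


if __name__ == "__main__":
    samples = {"cacerts (JKS header)": bytes.fromhex("feedfeed00000002"),
               "root.cer (PEM)": to_pem(STUB_DER),
               "root.cer (PEM + tab)": to_pem(STUB_DER).replace(b"\n", b"\t\n", 1)}
    for name, blob in samples.items():
        print(f"{name}: {classify(blob)}")
```

Any result ending in "-keystore" means the file is a keystore such as cacerts and is not a valid input for -importcert.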