Is it possible to add crt to cacerts [Java TrustStore] using openssl - import

Is it possible to add/import a .crt [certificate] to cacerts [Java TrustStore] using openssl?
I do not wish to use keytool & I'm looking for an alternate openssl command for the below:
keytool -import -trustcacerts -alias TorchboxCA -file Torchbox_CA.crt -keystore cacerts
Kindly help me with the command syntax in case it is possible.

As far as I understand the functionality of openssl, no, it will not be possible.
Even after longer research in the OpenSSL man pages and wiki, I haven't found a hint of Java Key Store (JKS) support.

Related

keytool error: java.lang.Exception: Certificate not imported, alias mykey already exists

I am trying to install a client certificate in my JVM to call a https soap service, but when running the
keytool -import command I get the below error:
keytool error: java.lang.Exception: Certificate not imported, alias already exists
Here is the command I am using, please note I am using Java11
C:\Softwares\java-11-openjdk-11.0.7.10-1.windows.redhat.x86_64\lib\security>keytool -import -keystore cacerts -file "C:\Softwares\client.certificate.pfx"
Please suggest.
Every entry in the Java keystore is identified by a key called alias. It has to be unique for a given keystore. If you don't provide one, the default value that keytool uses is mykey. Looks like there is an entry with mykey already in your keystore. All you have to do is give a name yourself. You can do this using the alias attribute, like this:
keytool -import -keystore cacerts -file "C:\Softwares\client.certificate.pfx" -alias third_party_ca
You can use any name as long as it is unique.

How to change file java.exe to keytool.exe so I can create signed apk for flutter?

Hi, I am currently trying to create a signed APK for a Flutter app but I've encountered a problem. Based on the official docs https://flutter.dev/docs/deployment/android: "Note: The keytool command might not be in your path—it’s part of the Java JDK, which is installed as part of Android Studio. For the concrete path, run flutter doctor -v and locate the path printed after ‘Java binary at:’. Then use that fully qualified path replacing java (at the end) with keytool." I've checked and that's really my situation. Now my question is how can I change the location "C:\Program Files\Android\Android Studio\jre\bin\java" to "C:\Program Files\Android\Android Studio\jre\bin\keytool". Thanks for any answer, because I have already searched for how exactly to do that but failed.
I have found a solution: Simply enter these into Windows command prompt.
cd C:\Program Files\Java\jdk1.7.0_09\bin
following: How can I find and run the keytool
Yeah dude, I actually solved it on my own. I just read https://flutter.dev/docs/deployment/android again; it seems that I didn't change the keytool -genkey -v -keystore c:/Users/USER_NAME/key.jks (<-This is the problem, there is no path on my PC with that name, so just change it) -storetype JKS -keyalg RSA -keysize 2048 -validity 10000 -alias key
To solve this issue:
Use this command keytool -genkey -v -keystore c:/Users/USER_NAME/key.jks -storetype JKS -keyalg RSA -keysize 2048 -validity 10000 -alias key and replace c:/Users/USER_NAME/ with an actual directory.

How to Export certificate key to PEM format?

My keystore was deleted, and I tried to chat with the Google Play Store developer and asked that my keystore app be reset, then they sent instructions like this:
Alternatively, you can use the following command line to generate a new key:
keytool -genkeypair -alias upload -keyalg RSA -keysize 2048 -validity 9125 -keystore keystore.jks
This key must be a 2048 bit RSA key and have 25-year validity.
Export the certificate for that key to PEM format:
keytool -export -rfc -alias upload -file upload_certificate.pem -keystore keystore.jks
Reply to this email and attach the upload_certificate.pem file.
My question is how to export the certificate for that key to PEM format?
I tried using keytool.exe in the folder C:\Program Files\Android\Android Studio\jre\bin, but the keytool.exe command prompt cannot be written to (it force closes).
keytool is provided in JDK, not JRE. You can install a JDK 1.8 for example and use the keytool command from the path C:\Program Files\Java\JDK_1.8\bin\keytool.exe in a Windows CMD terminal in Administrator mode (preferably).
The commands you provided are meant to generate a keypair and to export the certificate. So, if you have a proper keytool installed, you can execute your commands successfully and export the certificate.
When exporting the certificate, if no path is given it will export the certificate into the bin folder.

Keystore password is too short - must be at least 6 characters for import

I wanted to use https://stackoverflow.com/a/7094044/384674 for importing pem into p12, but keystore password is 5 characters and keytool is complaining it needs to be 6 :-/
keytool -import -alias alias -keystore ./trust.p12 -storetype PKCS12 -file new.pem
Enter keystore password:
Keystore password is too short - must be at least 6 characters
edit:
There was a comment that this is not working in some later versions of keytool, but the comment was removed. Please be aware, or let us know, as I do not know which version I was testing with.
What I found is, that when you specify -storepass as a parameter, validation is not active.

How do I Import a .pem file?

I have the exact problem reported in
Jarsigner: certificate chain not found for
My starting point was a .pem file. My sense is that this does have the private key also. I used the following command to import this into a keystore:
keytool -importcert -alias myalias -file myfile.pem
For "Trust this certificate? [no]", if I choose "no" the import fails. So, I went with "yes". The import does succeed. My
keytool -list
produces output similar to the one listed in Jarsigner: certificate chain not found for.
My sense is that I do have the right certificate but am not importing this correctly. In other words, I am suspecting that a 'trusted certificate entry' is being created instead of a 'key entry' but don't know how to force keytool to create a 'key entry'.
How can I solve this problem?
Additional Info:
After further work, I am leaning towards exactly the opposite conclusion than the one above. I now think that something is wrong with my pem file. I looked at a previous keystore entry with an expired key. It clearly states PrivateKeyEntry while my import states trustedCertEntry.
You can try to create a pkcs12 from your files that would contain the entire certificate chain. You'll need your public cert and the root CA cert. Command is like this:
openssl pkcs12 -export -inkey file.pem -in file.crt -out file.p12 \
-CAfile root-CA.pem -chain -name mykey
Once you have the entire file.p12 file, you can export the full cert to pem format:
openssl pkcs12 -in file.p12 -out new-cert.pem -nodes -clcerts
Or if you want to export to a Java keystore format that has the entire chain, the command is:
keytool -importkeystore -srcstoretype pkcs12 -srckeystore file.p12 \
-srcstorepass <password> -keystore keystore.jks
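
An added example, not part of the question or answer above: keytool -importcert reads only certificates, so checking which PEM blocks a file actually holds tells you up front whether the result will be a trustedCertEntry or whether the pkcs12 route is needed for a PrivateKeyEntry. The function names and sample file names are hypothetical, and the PEM bodies are constructed placeholders, not real keys or certificates.

```shell
#!/bin/sh
# Report which PEM blocks a file holds and which keystore import route fits.
# Sample files below are constructed placeholders, not real keys or certs.

# Print each PEM block label (e.g. CERTIFICATE, RSA PRIVATE KEY), one per line.
# Trailing whitespace is tolerated so files with CRLF line endings still match.
pem_labels() {
    sed -n 's/^-----BEGIN \(.*\)-----[[:space:]]*$/\1/p' "$1"
}

# importcert: certificates only, keytool -importcert yields trustedCertEntry
# pkcs12:     certificate plus private key, bundle with openssl pkcs12 -export
#             and load with keytool -importkeystore to get PrivateKeyEntry
# key-only:   private key with no certificate; none: no PEM blocks at all
pem_import_path() {
    labels=$(pem_labels "$1")
    certs=$(printf '%s\n' "$labels" | grep -c '^CERTIFICATE$' || true)
    keys=$(printf '%s\n' "$labels" | grep -c 'PRIVATE KEY$' || true)
    if [ "$certs" -gt 0 ] && [ "$keys" -gt 0 ]; then echo pkcs12
    elif [ "$certs" -gt 0 ]; then echo importcert
    elif [ "$keys" -gt 0 ]; then echo key-only
    else echo none
    fi
}

# Write one constructed PEM block with the given label to stdout.
fake_block() {
    printf '%s\n' "-----BEGIN $1-----" 'Y29uc3RydWN0ZWQ=' "-----END $1-----"
}

SAMPLES=$(mktemp -d)
fake_block CERTIFICATE > "$SAMPLES/cert-only.pem"
{ fake_block 'RSA PRIVATE KEY'; fake_block CERTIFICATE; fake_block CERTIFICATE; } \
    > "$SAMPLES/key-and-chain.pem"
fake_block 'ENCRYPTED PRIVATE KEY' > "$SAMPLES/key-only.pem"
printf 'not a pem file\n' > "$SAMPLES/junk.txt"

for f in cert-only.pem key-and-chain.pem key-only.pem junk.txt; do
    printf '%-18s %s\n' "$f" "$(pem_import_path "$SAMPLES/$f")"
done
```

A result of importcert for a file you expected to sign with means the private key is missing from it, which matches the trustedCertEntry seen in the question.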