Failed to decrypt keystore, invalid store password or store password not supplied - BlackBerry Signing Error - blackberry-10

My Android Runtime Apk converted Bar file is on BB World Store. I am in process of updating new release for my existing app on store. I am using BlackBerry Apk Packager tool to sign and deploy the app on store. My bar file is generated successfully, after generating bar file it is aking for keystore password, when I type my password it is saying,
Signing failed. Do you want to run signing configuration now?
In output window, its showing below error:
Failed to decry-pt keystore, invalid store password or store password
not supplied.
I have my token file and p12 file in the following locations:
C:\Users\PcName\AppData\Local\Research In Motion\bbidtoken.csk
C:\Users\PcName\AppData\Local\Research In Motion\author.p12
How to get new keystore password? If I reset my keystore password, won't I be able to update my existing app on store?

If you were the person that created the keystore, you could try recreating it with the password you want to use. Java Keytool is an option for generating keystores with certificates you have.
For example:
\CommonFiles\OpenJDK\bin>keytool -v -importkeystore -srckeystore <your cert> -srcstoretype PKCS12 -destkeystore <your keystore>
-deststoretype JKS
Enter destination keystore password:
Enter source keystore password:
Entry for alias <your alias> successfully imported.
Import command completed: 1 entries successfully imported, 0 entries failed or cancelled

Related

How to find the keystore location and renew certificates using keytool

How to find the existing certificates on my computer using the keytools command?
I have to take a copy of the existing certificates for renewal and run the following commands
on the certs:
keytool -list -alias <<your cert's alias>> -keystore.<<your .jks file>> -storepass <>
I am not sure how to go about figuring the certificates on my system and are these certificates
related to Java/Linux or something else?
Separately where do I found keystore? Once I have the keystore location I could
use the keytool list -v command on the keystore to get the serial number of the certificate

How to use codesign command

I am trying to use codesign command to sign bundle.
First of all I have got p12 file and I have imported into my keychain.
However when I try to use codesign like this:
codesign -v --force --verify --deep --verbose --sign <ID> <MyApp.app>
It says 'no identity found'. The identity field I got it from
What am I doing wrong please?
Thanks in advance
Before you run codesign command, you need to unlock your keyChain, either by clicking on unlock on the keychain app or run security unlock-keychain, otherwise you can get inconsistent result because sometimes the keychain is already unlocked, sometimes not.
You might also need to include the --keychain option in your codesign command, depending on your configuration.
You can verify if the identity is available in your current shell environment by
security find-identity -p codesigning

Postman app - 403 Invalid client certificate

I'm trying to test API that requires a client certificate with postman.
Postman app that comes with google chrome built in app works fine as it loads the correct certificate from user local store.
But this built in app will be deprecated soon. I'm trying to get Postman standalone app. I keep getting
403 Invalid client certificate
It requires the certificate to be loaded manually:
Questions:
I only have pfx certificate loaded on to my local certificate store.
How do I generate CRT file and key file off pfx
How do I generate
passphrase
Thanks.
You can convert pfx certificate into cer and key files by using OpenSSL application (Windows installed can be found under https://slproweb.com/products/Win32OpenSSL.html).
Once OpenSSL is installed, run PowerShell and execute the following commands.
openssl pkcs12 -in test.pfx -nocerts -out test.key
You will be asked to provide password to pfx certificate and set passphrase.
Then execute the following commands and provide password to pfx certificate.
openssl pkcs12 -in test.pfx -clcerts -nokeys -out test.crt
In the case above, cer and key files will be stored under user's directory.

Configuring SSL on glassfish-4

Am trying to configure glassfish-4 for SSL but it seems i can't get it to work. By default glassfish uses port 8181 for SSL which of course works very well from my localhost prompting the browser to add the certificate in its truststore but from remote this fails with the exception -- SSL received a record that exceeded the maximum permissible length-- on mozilla firefox. I also tried generating my own key/pair using java's keytool in the config folder of the domain1, I then changed certificate nickname on glassfish to the alias of the new keystore but this fails to work instead returns the default certificate from alias s1as even after restarting the server. Below is the command i used to generate the keystore file.
keytool -genkey -alias MY_ALIAS_NAME -validity 1000 -keyalg RSA -keysize 1024 -keystore /opt/......./domain1/config/keystore.jks
The first and last names being the IP address of the remote when generating it. Please help, thanks.

Unable to authenticate to Intuit API Explorer

I am attempting to authenticate to the Intuit API Explorer to become better acquainted with the Customer Data (AggCat) API.
I enter the Consumer Key/Secret, SAML id, user ID, and the original .crt certificate that I uploaded. I get the error:
The given certificate file is not supported. Please provide valid PEM certificate file.
I don't understand this error, because the .crt file is PEM-encoded, as far as I can tell.
Nevertheless, I went to the 'Create X.509 keys' page:
http://docs.developer.intuit.com/0020_Aggregation_Categorization_Apps/009_Using_AggCat/0010_GettingStarted/0015_Create_an_AggCat_integration/0010_Creating_X.509_Public_Certificates
and followed the instructions at the bottom 'Generating a PEM file'. I am able to get past step 1. (convert jks store to p12 format), but I get the following error when attempting to run step2:
$ openssl pkcs12 -in keystore.p12 -nocerts -out cert.pem
MAC verified OK
Error outputting keys and certificates
139679448614560:error:06065064:digital envelope routines:EVP_DecryptFinal_ex:bad decrypt:evp_enc.c:539:
139679448614560:error:23077074:PKCS12 routines:PKCS12_pbe_crypt:pkcs12 cipherfinal error:p12_decr.c:104:
139679448614560:error:2306A075:PKCS12 routines:PKCS12_item_decrypt_d2i:pkcs12 pbe crypt error:p12_decr.c:130:
I am using jdk-1.7.0_17 and openssl-1.0.1 on ubuntu-12.04 LTS.
Thanks for any help.
Found it, stop looking!
The problem arises from the fact that the PKCS12 format does not support separate passwords for the storage file and any keys inside it. Both the storage file and the key inside it have to be encrypted with the same password.
So the easiest was to go through the process again, and in the step of generating the initial private key and keystore with keytool:
keytool -genkey -alias myapp -validity 1095 -keyalg RSA -keystore keystore.jks
make sure to use the same password for both the keystore (storepass) and the private key (keypass).
As an alternative, if you really must/want to use separate passwords for the keystore and key in that step, in the initial step for creating the PEM:
keytool -importkeystore -srckeystore [MY_KEYSTORE.jks]
-destkeystore [MY_FILE.p12]
-deststoretype PKCS12
-deststorepass [PASSWORD_PKCS12] change this to [KEYPASS]
-srcstorepass [PASSWORD_JKS]
set the -srcstorepass to the password of the keystore (storepass), but set the
-deststorepass of the PKCS12 file to the password of the private key (keypass) used when creating the key/keystore via the keytool -genkey command further above.
I have not tested this alternative, but it should work as well, since both the PCKS12 store and the key would end up using the same password.