First time posting, long time viewer. I am having a problem with my homework assignment. I have looked on the web and Stack Overflow, but have yet to find out why my line of code is not working. This is what I have tried.
C:\Openssl\bin\openssl.exe pkcs12 -export -in C:\Users\jokesrfunny\Desktop\jokescert.pem -inkey C:\Users\jokesrfunny\Desktop\jokeskey.pem -out c:\tools\daacert.p12 -name jokesrfunny
This comes back with the error unable to load certificates and unable to write 'random state'
In addition to this, I have referenced these websites for help and still can't find out what's going on.
I am trying to include a login with Facebook feature in a Flutter application. Going through the steps, I generated the key hash for debug mode. However, I'm not able to figure out what to replace the two values with in keytool -exportcert -alias YOUR_RELEASE_KEY_ALIAS -keystore YOUR_RELEASE_KEY_PATH | openssl sha1 -binary | openssl base64 for generating the release key hash. What should I do?
You may find this info in the file: android/key.properties
Release key alias is any alias you want, remember that as you'll need them for updates. Path is the path where you want the key to be generated.
I was using the KeyStore Explorer tool to create a server crt and a private key file from my PKCS12 keystore file. The tool is great.
Is there any corresponding keytool commandline equivalent?
NO. keytool has no operations either to write out a privatekey alone from a keystore or read in a privatekey alone to a keystore. This is why we get hundreds of questions about the latter, mostly on other Stacks where they are on-topic. For the most recent one I answered, see How to resolve : jno_key_entry
For a PKCS12 keystore, openssl pkcs12 -in file -nocerts will extract the privatekey, or privatekeys, in PEM format. By default it/they is/are encrypted and you must give a (new) password, but you can use -nodes to get it/them unencrypted. If there is more than one privatekey in the keystore, you may need to edit the output to select the desired one (or ones).
For another type of keystore, use keytool -importkeystore to convert to PKCS12, then continue as above. If (any type) keystore has multiple entries, you can use keytool -importkeystore with -alias to select only the desired entry, and thus not need the editing step above.
I am getting this error when trying to log in with Facebook.
The key hash does not match any stored key hashes.
I faced a similar error before, but usually when this error appears, Facebook itself shows the key hash and what I do is just copy the key hash and register it in my Facebook app. But the situation now is different because when I get the error above, I do not receive any key hash, so I have no idea how to regenerate the key hash.
What I know is, you cannot use the command to re-generate another key hash for the second time like in the following code below.
keytool -exportcert -alias YOUR_RELEASE_KEY_ALIAS -keystore YOUR_RELEASE_KEY_PATH | openssl sha1 -binary | openssl base64
For additional information, just in case this is related, the app was previously developed and the first key hash was generated from another device. I copied the project and am using another laptop to do the debugging. Just a guess, maybe this is one of the reasons why the Facebook app isn't showing the mismatched key hash?
You can still generate the key hash with the command
keytool -exportcert -alias androiddebugkey -keystore "your-release-key-path" | "your-openssl-path" sha1 -binary |"your-openssl-path" base64
You may want to check this post How to create Android Facebook Key Hash?
I have a need to obtain a thumbprint from a pfx file on the filesystem without being prompted for a password that requires manual input.
I'm running this as part of an installer where the user specifies the path to the certificate on the filesystem (not in the store). And the user specifies the password for the certificate. From that point, I need the thumbprint.
So this is simply a matter of discovering a tool to which I can pass a path and password to a pfx file and which returns the thumbprint. I've tried several tools, even OpenSSL compiled for Windows, but it still prompts for the password and gives back a lot more info than just the thumbprint. It needs to be 100% programmatic and without further user intervention.
I'd love to hear any ideas on how to do this. This will be on Windows Server machines only. Thanks!
I found a way to do this - it involves downloading OpenSSL for Windows, using that tool to convert, and using PowerShell to read it out.
Conversion
& openssl pkcs12 -in C:\LocalHost.pfx -out C:\mycertificates.crt -nokeys -clcerts -passin pass:ActualPassword
Read In
$cert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2("C:\mycertificates.crt")
$thumbprint = $cert.Thumbprint
write-host $thumbprint
So I had to convert to crt/cer first and then read using X509Certificate2.
When creating .pfx (pkcs#12) file, the internal storage containers, called "SafeBags", may also be encrypted and signed.
By default, OpenSSL encrypts the certificate along with its private key, which means it is not possible to get its thumbprint without knowing the password.
When creating a new pfx, you can explicitly add -certpbe NONE to avoid encrypting the certificate.
For more details, check -certpbe in OpenSSL's man page.
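A non-interactive way to read the thumbprint, written for a POSIX shell as an added example that is not part of the original answers: the password is taken from an environment variable with -passin env: rather than pass:, which would place it on the command line. It also shows that the key hash produced by the keytool pipeline in the Facebook login threads is the same SHA-1 digest, base64-encoded. The variable name PFX_PASS, the function names and the generated test certificate are assumptions made for the example.

```shell
#!/bin/sh
# Added example. The password, file names and subject are constructed test values.
set -eu

# Print the leaf certificate of PKCS#12 file $1 as PEM. The password comes from
# the environment variable PFX_PASS (-passin env:), so it is neither prompted
# for nor visible in the process list the way -passin pass:... is.
pfx_leaf_pem() (
  pem=$(openssl pkcs12 -in "$1" -nokeys -clcerts -passin env:PFX_PASS 2>/dev/null) || exit 1
  [ -n "$pem" ] || exit 1
  printf '%s\n' "$pem"
)

# Windows-style thumbprint: SHA-1 of the DER certificate, uppercase hex, no colons.
pfx_thumbprint() (
  pem=$(pfx_leaf_pem "$1") || exit 1
  printf '%s\n' "$pem" | openssl x509 -noout -fingerprint -sha1 |
    sed -e 's/^.*=//' -e 's/://g'
)

# Key hash as in the keytool pipeline: the same SHA-1 digest, base64-encoded.
pfx_key_hash() (
  pem=$(pfx_leaf_pem "$1") || exit 1
  printf '%s\n' "$pem" | openssl x509 -outform DER |
    openssl dgst -sha1 -binary | openssl base64
)

# Constructed test input: a throwaway self-signed certificate exported to a PFX.
PFX_PASS='constructed-demo-password'; export PFX_PASS
demo_dir=$(mktemp -d)
trap 'rm -rf "$demo_dir"' EXIT
openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj '/CN=thumbprint-demo' \
  -keyout "$demo_dir/key.pem" -out "$demo_dir/cert.pem" 2>/dev/null
openssl pkcs12 -export -in "$demo_dir/cert.pem" -inkey "$demo_dir/key.pem" \
  -name demo -out "$demo_dir/test.pfx" -passout env:PFX_PASS

echo "thumbprint: $(pfx_thumbprint "$demo_dir/test.pfx")"
echo "key hash:   $(pfx_key_hash "$demo_dir/test.pfx")"
```

Both functions return a non-zero status when the password is wrong, so an installer can tell a bad password from a missing certificate instead of receiving an empty thumbprint.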
I've built a dummy app and I'd like to test it on my iPhone. I know that I need to be enrolled in the Apple developer program and I’m in. I don’t have a Mac, so I had to rent one from macincloud[dot]com.
At this moment, I need to generate a signing certificate request, but I don’t have access to the Keychain Access utility. The guys from macincloud offer access to the terminal, but not to Keychain Utility. I know that I need to use the security tool from the command line, but that’s all.
After 6 hours on two different days, I didn’t find any tutorial/description about how to use the security tool in order to generate the signing certificate request.
Do you have any idea what I need to do on the command line to generate a signing certificate request?
Run the following in the terminal:
openssl genrsa -out mykey.key 2048
Save this private key file as you will use it later.
Run the following command, replacing the e-mail address, CN (certificate name), and C (country) values with your own:
openssl req -new -key mykey.key -out CertificateSigningRequest.certSigningRequest -subj "/emailAddress=yourAddress@example.com/CN=John Doe/C=US"
Now in iOS Dev Portal, just use the generated CertificateSigningRequest.certSigningRequest
If you are doing this for Apple Push / APNS, you will also want to know about these 2 additional commands to generate the needed .p12 file:
openssl x509 -in XXXXX.cer -inform DER -out XXXXX.pem -outform PEM
openssl pkcs12 -export -inkey XXXXX.key -in XXXXX.pem -out XXXXX.p12
where XXXXX is your "mykey" value and the xxxxx.cer file is what you download from the Apple portal.
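Two checks worth running on the files this procedure produces, as an added example that is not part of the original answer: how many subject attributes OpenSSL actually parsed from the -subj string (attributes are separated by "/", so a comma-separated string ends up as one long emailAddress value), and whether the CSR was made from the private key that will later go into the .p12. The function names, the e-mail address and the file names are constructed for the example.

```shell
#!/bin/sh
# Added example. Names, e-mail address and file names are constructed values.
set -eu

# Number of attributes OpenSSL parsed into the subject of CSR file $1.
# -nameopt multiline prints one "name = value" line per attribute.
csr_subject_attr_count() {
  openssl req -in "$1" -noout -subject -nameopt multiline | grep -c ' = '
}

# Succeeds only when the public key in CSR $1 belongs to private key $2.
csr_matches_key() {
  [ "$(openssl req -in "$1" -noout -pubkey)" = "$(openssl pkey -in "$2" -pubout)" ]
}

work=$(mktemp -d)
trap 'rm -rf "$work"' EXIT
openssl genrsa -out "$work/mykey.key" 2048 2>/dev/null
openssl genrsa -out "$work/other.key" 2048 2>/dev/null

# Slash-separated subject: three separate attributes.
openssl req -new -key "$work/mykey.key" -out "$work/slash.csr" \
  -subj '/emailAddress=jdoe@example.com/CN=John Doe/C=US'
# Comma-separated subject: everything after the first "=" becomes the e-mail value.
openssl req -new -key "$work/mykey.key" -out "$work/comma.csr" \
  -subj '/emailAddress=jdoe@example.com, CN=John Doe, C=US'

echo "slash form attributes: $(csr_subject_attr_count "$work/slash.csr")"
echo "comma form attributes: $(csr_subject_attr_count "$work/comma.csr")"
csr_matches_key "$work/slash.csr" "$work/mykey.key" && echo "CSR matches mykey.key"
```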