Keytool Error Java.security.keystoreexception Jks
Trustedcertentry Not Supported Pkcs12 Keytool
Creating pkcs12 using Java API fails due to error: java.security.KeyStoreException: TrustedCertEntry not supported
http://stackoverflow.com/questions/27160189/creating-pkcs12-using-java-api-failes-due-to-error-java-security-keystoreexcept

I am trying to create a PKCS12 keystore file using Java API. However, as soon as I try to import the certificate I get the exception

    java.security.KeyStoreException: TrustedCertEntry not supported

My code is:

    Provider p = Security.getProvider(BouncyCastleProvider.PROVIDER_NAME);
    ...
    KeyStore keyStore = KeyStore.getInstance("PKCS12");
    keyStore.load(null, keystorePass);
    keyStore.setCertificateEntry("certificate", certificate);
    keyStore.setKeyEntry("key", privateKey, keypass, certChain);

The same approach works for creating JKS files but failed for PKCS12 files.

Note: The certificate given to this program as input is created by the server using the CSR generated with the same private key used here. I.e. the public modulus for the given certificate, the CSR used to generate it and the given private key are the same. The server cert is stored in variable certChain.

Note: I have tried OpenSSL to create the pkcs12 and I was successful, however I need to do the same using Java API.

Note: I am using JDK 7

Tags: java ssl keytool pkcs#12
asked Nov 26 '14 at 22:46, neutral_sphere

1 Answer

Java 7 (and earlier) does not allow a trustedCert entry in a PKCS12 keystore although 8 does, perhaps because PKCS12 was designed and is usually used only for privatekey(s) and the related cert(s) and which Java puts together in the privateKey entry. You say this cert is the cert for/matching the privatekey, so it must be first in the certChain in the "key" entry, and you do not need a "cert" entry for it.

answered Dec 17 '14 at 7:14, dave_thompson_085

https://mihail.stoynov.com/2009/03/12/certificates-keystores-java-keytool-utility-and-openssl/

make one:

For a JKS (Java Key Store format):

    keytool -genkeypair -keystore mihail.stoynov.jks -storepass mihail.stoynov -alias mihail.stoynov -keypass mihail.stoynov -keysize 2048 -keyalg RSA -sigalg sha1withrsa -dname "cn=Mihail Stoynov, ou=MyCompany Bulgaria, o=MyCompany, L=Sofia, S=Sofia, c=BG" -validity 3650 -v

For a PKCS#12 keystore:

    keytool -genkeypair -keystore mihail.stoynov.p12 -storetype pkcs12 -storepass mihail.stoynov -alias mihail.stoynov -keypass mihail.stoynov -keysize 2048 -keyalg RSA -sigalg sha1withrsa -dname "cn=Mihail Stoynov, ou=MyCompany Bulgaria, o=MyCompany, L=Sofia, S=Sofia, c=BG" -validity 3650 -v

When the public certificate is needed separately, it can be exported to a file (mihail.stoynov.cer) like this:

(from a JKS)

    keytool -exportcert -keystore mihail.stoynov.jks -storepass mihail.stoynov -alias mihail.stoynov -keypass mihail.stoynov -file mihail.stoynov.cer -v

(from a PKCS#12)

    keytool -exportcert -keystore mihail.stoynov.p12 -storetype pkcs12 -storepass mihail.stoynov -alias mihail.stoynov -keypass mihail.stoynov -file mihail.stoynov.cer -v

NOTE: keep storepass and keypass the same for easy importing into browsers

II) Sometimes self-signed certificates are not enough and a CA root certificate must be made in order to sign a group of certificates.
First, a certificate signing request (CSR) must be made:

(from a JKS)

    keytool -certreq -keystore mihail.stoynov.jks -storepass mihail.stoynov -alias mihail.stoynov -keypass mihail.stoynov -v >> mihail.stoynov.csr

(from a PKCS#12)

    keytool -certreq -keystore mihail.stoynov.p12 -storetype pkcs12 -storepass mihail.stoynov -alias mihail.stoynov -keypass mihail.stoynov -v >> mihail.stoynov.csr

(the output is redirected to a file: mihail.stoynov.csr)

The file looks something like this: it begins with the line -----BEGIN NEW CERTIFICATE REQUEST----- followed by the base64-encoded request.
https://coderanch.com/t/476654/Web-Services/java/Import-cer-public-key-pfx
Forum: Web Services
Import .cer(public key) into .pfx

siva kumarl, Greenhorn, Posts: 21, posted 6 years ago

Hi Friends, I generated a keystore file (.jks) which contains both public key and private key. I converted it to a .pfx file, but this contains only private; now I have to import the public key into the .pfx, and I am getting the following error. Friends, kindly help me. Please find the error details below:

    c:/>keytool -import -v -trustcacerts -alias kiwiservice -file kiwiclient.cer -keystore kiwiservice.pfx -storetype pkcs12
    Enter keystore password:********
    Owner: CN=CLIENT, OU=YALAMANCHILI_CLIENT, O=YSE, L=VSP, ST=AP, C=IN
    Issuer: CN=CLIENT, OU=YALAMANCHILI_CLIENT, O=YSE, L=VSP, ST=AP, C=IN
    Serial number: 4b31954e
    Valid from: Wed Dec 23 09:28:06 IST 2009 until: Tue Dec 22 09:28:06 IST 2015
    Certificate fingerprints:
    MD5: C8:C9:89:E2:CA:F9:30:AF:7A0:9AD:5F:F5:18:78
    SHA1: BA:F9:F8:82A:54:26:1B:2B:22:18:88:AA:792:E30:13:F1:B9
    Signature algorithm name: SHA1withRSA
    Version: 3
    Trust this certificate? [no]: y
    keytool error: java.security.KeyStoreException: TrustedCertEntry not supported
    java.security.KeyStoreException: TrustedCertEntry not supported
        at com.sun.net.ssl.internal.pkcs12.PKCS12KeyStore.engineSetCertificateEntry(PKCS12KeyStore.java:620)
        at java.security.KeyStore.setCertificateEntry(KeyStore.java:941)
        at sun.security.tools.KeyTool.addTrustedCert(KeyTool.java:1954)
        at sun.security.tools.KeyTool.doCommands(KeyTool.java:814)
        at sun.security.tools.KeyTool.run(KeyTool.java:171)
        at sun.security.tools.KeyTool.main(KeyTool.java:165)

Kindly help me to import the .cer into the .pfx file.
Thanks in Advance
---------------
Siva

Yaron Naveh, Greenhorn, Posts: 24, posted 6 years ago

See here how to do the conversion in one shot: http://travisspencer.com/blog/2009/10/exporting-keys-from-a-jks-and.html

http://webservices20.blogspot.com/ Web Services Performance, Interoperability And Testing B
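The Stack Overflow answer's point, applied to the JKS-to-.pfx conversion from the Coderanch thread, as an added example that is not code from either thread: each private key is copied together with its certificate chain in a single key entry, so `setCertificateEntry` is never called. The class name, method name and command-line arguments are assumptions, and the input is assumed to be a JKS like the one produced by the `keytool -genkeypair` command above, with the same password for the store and the keys.

```java
import java.io.FileInputStream;
import java.io.FileOutputStream;
import java.security.Key;
import java.security.KeyStore;
import java.security.cert.Certificate;
import java.security.interfaces.RSAKey;
import java.util.Collections;

// Added example (hypothetical class): copy private-key entries from a JKS into a PKCS12 file.
public class JksToPkcs12 {
    // Copies each key entry together with its chain; returns how many were copied.
    static int copyKeyEntries(KeyStore jks, KeyStore p12, char[] password) throws Exception {
        int copied = 0;
        for (String alias : Collections.list(jks.aliases())) {
            if (!jks.isKeyEntry(alias)) { // bare trusted cert: rejected by the Java 7 PKCS12 provider
                System.err.println("skipped trusted certificate entry: " + alias);
                continue;
            }
            Key key = jks.getKey(alias, password);
            Certificate[] chain = jks.getCertificateChain(alias);
            if (chain == null || chain.length == 0) {
                throw new IllegalStateException("no certificate chain for " + alias);
            }
            // chain[0] must be the certificate for this private key (for RSA: same modulus).
            if (key instanceof RSAKey && chain[0].getPublicKey() instanceof RSAKey
                    && !((RSAKey) key).getModulus()
                            .equals(((RSAKey) chain[0].getPublicKey()).getModulus())) {
                throw new IllegalStateException("chain[0] does not match key for " + alias);
            }
            // The certificate travels inside the key entry; no setCertificateEntry call.
            p12.setKeyEntry(alias, key, password, chain);
            copied++;
        }
        return copied;
    }

    // Assumed arguments: <source.jks> <target.p12> <password used for store and keys>
    public static void main(String[] args) throws Exception {
        char[] password = args[2].toCharArray();
        KeyStore jks = KeyStore.getInstance("JKS");
        try (FileInputStream in = new FileInputStream(args[0])) {
            jks.load(in, password);
        }
        KeyStore p12 = KeyStore.getInstance("PKCS12");
        p12.load(null, null); // start from an empty keystore
        int copied = copyKeyEntries(jks, p12, password);
        try (FileOutputStream out = new FileOutputStream(args[1])) {
            p12.store(out, password);
        }
        System.out.println(copied + " key entries written to " + args[1]);
    }
}
```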
Re: [OpenDS-users] How do I trust our internal root CA?
https://java.net/projects/opends/lists/users/archive/2010-06/message/34
From: Ludovic Poitou