keytool

问题 I have a CA issued CERT in PKCS#7 format. It has certificates (chained) within it. Keytool does not recognize the PKCS7 format. I have tried OpenSSL tool to convert PKCS7 format certificate to PEM format and it fails. I receive an error message "Unable to load PKCS7 object". How do I import the PKCS7 cert chain to my JKS? 回答1: As you can read in the keytool reference for -importcert command: Reads the certificate or certificate chain (where the latter is supplied in a PKCS#7 formatted reply)

问题 I have to create an application which generates a CSR. While generating a CSR we are required to fill in several details like CN, OU, etc. The problem is that the Certifying Authority to which I have to send my CSR wants 2 OU(Organizational Unit) Names. I googled a lot but couldn't find anything using either openssl or java keytool by which I can specify 2 OU Names. Can someone please tell me how I can specify 2 OU Names while generating the CSR? 回答1: If you want to do it via CLI you can use

问题 While importing .p12 to cacerts I'm facing the following issue. First line says alias already exists and then when I try to overwrite it says alias not found. Please help me tackle this issue. /usr/java/default/jre/bin/keytool -importkeystore -deststorepass changeit -destkeystore /usr/java/default/jre/lib/security/cacerts -srckeystore /home/sogadm/MB_copy/MB_client.p12 -srcstoretype pkcs12 -srcstorepass 123456 -alias mb_ca Existing entry alias mb_ca exists, overwrite? [no]: yes keytool error:

问题 I've signed my jar with a key that I generated using keytool. At runtime, how do I verify that the jar hasn't been modified? The goal is to use the certificate information and verify that each class in the jar has not been modified since the jar was built. This is a runtime check so the jar containing the code could be anywhere on the user's file system. 回答1: The JarFile class embeds the jar verifier. This code snippet verifies the signature of all entries in an archive : JarFile jar = new

问题 I'm working on an app for a client that requires an SSL connection with an API. I've been provided with three files; a trust root certificate (.cer) file, an intermediate certificate (.cer) file and a signed response file. The instructions I've been given to install this relate to either IIS or the Java keytool program; I'm building the app in Ruby on Rails so neither is an option (as far as I am aware). The certificates are self-signed by the organisation who runs the API service and it

问题 I have a self-signed cert for my linux email server exim. To enable my Java functions to access this email server via GlassFish, I originally issued: # keytool -importcert -v -noprompt -alias mail.mycompany.com -file /path/to/mail.mycompany.com.der -keystore /path/to/config/cacerts.jks -storepass changeit Certificate was added to keystore This worked fine, until the certificate expired. I had to create a new self-signed cert, and now Java gives the error PKIX path validation failed … path

问题 When I use keytool to generate a key with ECC, I get this error : Error keytool: java.security.NoSuchAlgorithmException: EC KeyPairGenerator not available Then syntax used to generate a key is: keytool -genkey -alias testing -keyalg EC -keysize 256 -keystore try.jks -dname "CN=localhost,OU=dep,O=lks,L=ny,ST=ny,C=USA" I have this Java version: openjdk version "1.8.0_60" OpenJDK Runtime Environment (build 1.8.0_60-b16) OpenJDK 64-Bit Server VM (build 25.60-b16, mixed mode) 回答1: I had the same

问题 I have an application jar from which I m calling an HTTPS url using DefaultHTTPClient class object but its giving peer not authenticate exception , so I want to sign jar using keystore. I have .cer file which has public key and I can able to import into keystore but when I use jarsigner tool it says certificate chain not found.you must have private key and associate public key. I have .pfx file also which is suppose to an private key but I don't know how to import it.can any one able to tell

问题 I have imported a certificate into a private ~/.keystore file: keytool -list Enter keystore password: Keystore type: JKS Keystore provider: SUN Your keystore contains 1 entry mylyn-mantis, Jul 15, 2010, trustedCertEntry and am trying to sign a jar with it, but I get a 'certificate chain not found' error. jarsigner -verbose /home/robert/file.jar mylyn-mantis jarsigner: Certificate chain not found for: mylyn-mantis. mylyn-mantis must reference a valid KeyStore key entry containing a private key

问题 I am trying to discover the list of trusted authorities in my Java Runtime using the instructions in this article. When I typed the command below: C:\ColdFusion8\runtime\jre\lib>keytool -list -storepass changeit -noprompt -keystore I got the following error: 'keytool' is not recognized as an internal or external command, operable program or batch file. I checked that the directory containing my keytool executable is in the path. (On my Windows 7 machine, it's in C:\Program Files (x86)\Java