keytool | 易学教程

Unable to convert .jks to .pkcs12: excess private key

阅读更多关于 Unable to convert .jks to .pkcs12: excess private key

Update Dec 30, 2017 – 4 : I've managed to unpack .jks file and extract key and certs from it. To do this I wrote a small nodejs program inspired by signerbox2 an open-source project that uses .jks to sign data. In particular, I use jksreader npm package, which only exists for several days now! The program I wrote looks like this: const fs = require('fs'); jksreader = require('jksreader'), pathToFile = process.argv[2], password = process.argv[3], contents = fs.readFileSync(pathToFile), parsedContent = jksreader.parse(contents); var key = jksreader.decode(parsedContent.material[0].key, password)

Keytool usage with Runtime.getRuntime().exec() under Linux

阅读更多关于 Keytool usage with Runtime.getRuntime().exec() under Linux

问题 I'd like to call the java keytool during runtime execution providing dynamic arguments. Here's what is working under Windows, but not under Linux (Ubuntu) same Java 1.6.0: File f = new File("mykey.jks"); StringBuilder command = new StringBuilder(); command.append(System.getProperty("java.home") + System.getProperty("file.separator") + "bin" + System.getProperty("file.separator") + "keytool"); command.append(" -genkey"); command.append(" -dname \"cn=foo,ou=bar,o=company,c=CH\""); command

How to chain a SSL certificate

阅读更多关于 How to chain a SSL certificate

问题 Is there any way we can chain our own generated key pair with an existing certificate which has been chained to a root CA (eg: verisign)? Basically my question is described in diagram below Verisign Root CA | --> Company XYZ certificate | ---> Server foo certificate Once i've generated key pair for server foo, how do I chain it with Company XYZ cert? 回答1: If Company XYZ has an Intermediate Certificate Authority certificate then you can. This kind of certificates are authorized by the root CA

How to automatically install self signed certificate in IE Trusted Root Certification Authorities store

阅读更多关于 How to automatically install self signed certificate in IE Trusted Root Certification Authorities store

I created a self signed certificate but the browser tells me "This CA Root Certificate is not trusted. To enable trust, install this certificate in the Trusted Root Certification Authorities store". I did by going into IE --> Internet Options --> Content --> Certificates --> ect... I actually had to export the self signed certificate and then import it into the Trusted Root Certification. Only after the certificate was located under the ROOT store in the users machine that IE did not display any WARNINGS. This will be deployed in a production environment, so having the users manually do the

Importing First Data certificate into ColdFusion

阅读更多关于 Importing First Data certificate into ColdFusion

问题 I've tried to import the certificate from First Data into my ColdFusion 9 setup using the keytool as so: keytool -importcert -keystore MYCF9Dir\runtime\jre\lib\security\cacerts -trustcacerts -alias firstdata -file FirstData.pem The import seems to work, however when I access the WSDL via any ColdFusion function or tag it throws a "I/O Exception: Received fatal alert: handshake_failure". Which tells me it can't access the site with the certificates that it has, or can't find it. So, am I

How to import a jks certificate in java trust store

阅读更多关于 How to import a jks certificate in java trust store

问题 How do I import a .jks file into the java security's truststore? All the tutorial I'm seeing is using a ".crt" file. However, I only have the ".jks" file which is also the keystore I generated using the keytool command. Currently, I'm following this tutorial. I was able to generate a Java keystore and key pair and generate a certificate signing request (CSR) for an existing Java keystore, which is based on the tutorial. But I cannot import a root or intermediate CA certificate to an existing

Renew certificate with Java Keytool - reuse old CSR?

阅读更多关于 Renew certificate with Java Keytool - reuse old CSR?

问题 I have an SSL certificate in a Java keystore. It's going to expire in a week or so and I need to renew it. Can I reuse the previous CSR (which the CA still have) and then import the certificate using the import command or do I need to generate a new CSR? 回答1: You can (if your CA doesn't check for public key reuse), but it's a bad security practice. The primary purpose of the validity period is to limit the time in which a certificate and associated private key is exposed to the possibility of

Java开发者必备的六款工具

阅读更多关于 Java开发者必备的六款工具

摘自 http://www.csdn.net/article/2015-03-26/2824317 每一位Java程序员都会有套工具来应对工作上的挑战。多年来，Java程序员使用软件来完成他们的工作。有很多工具对他们是有用的，不过对于初入行的人员来说，寻找合适的工具是困难的，并且是浪费时间的。而今天我们将列出六款Java程序员必备的工具。 1. Notepad++ Notepad++是用于编辑xml、脚本以及记笔记的最佳工具。这个工具的最好部分在于，你在Notepad++上打开的任何一个文档，在关闭后都会有一个残留文档，它有助于在意外删除重要文档，还有办法恢复。Notepad++是一款非常有特色的编辑器，是开源软件，可以免费使用。 2. XML Marker XML Marker工具对Java程序员来说是非常重要的。它可以帮助开发者更好的完成工作。XML Marker是一个xml编辑器，使用同步表、树和文本显示，显示层次和XML数据表格的性质。它通过收集自动生成重复属性和标签名称，然后安排它们到列的任何选择的标签表格中显示。 3. SQL Developer 这是一款针对数据库管理员的免费工具，你可以使用这款工具链接数据库和SQL语句。它的功能不像Toad那样多，但是对你而言已经足够使用了。这款工具的唯一缺点就是使用时需要有JDK。 4. Jad Jad用于反编译Java类

Can I merge multiple Android keystore files into one?

阅读更多关于 Can I merge multiple Android keystore files into one?

I have got myself into a slightly annoying situation with Android keystore files. Currently I have a few different apps each signed with a different keystore file. Kinda like this: AppName1.apk signed with AppName1.keystore AppName2.apk signed with AppName2.keystore AppName3.apk signed with AppName2.keystore Each of the keystores contain different names and aliases for each app. I'm now learning that doing it this way is a bit silly and it would be better to use a single keystore file for all my apps. I am about to publish a new app so I'm trying to get it right this time around. My general

keytool error: java.lang.Exception: Input not an X.509 certificate

阅读更多关于 keytool error: java.lang.Exception: Input not an X.509 certificate

问题 I am trying to import Gmails smtp certificate for use with Jira, but I get this error when importing using Javas keytool. I used openssl to get the certificate, everything between ----Begin Certificate---- and ----End Certificate---- (inclusive). I also attempted to create an x.509 certificate using Windows Certificate Manager, but still get this error. I have verified that there are no extra whitespaces in the file. I have seen many people with this problem online, but none of the solutions