I'm trying to import a truststore [Internally created] to mac's keychain but I'm unable to and I get the following error on terminal - security: SecKeychainItemImport: Unknown format in import.
Command used: security import <path_to_truststore> -k ~/Library/Keychains/login.keychain
When I directly try to import on to Keychain i.e drag and drop on to UI - The contents of this item cannot be retrieved.
Related
I am using github action to create archive ios build. While github runs my yml file, it gives error stating:
security: SecKeychainItemImport: MAC verification failed during PKCS12 import (wrong password?)
I rechecked my certificates and provisioning profiles, and able to create build on my local system using xcloud.
I got this error after deleting the default keychain expecting that MacOS will pick the available one as default but it did not.
security: cert import failed: A default keychain could not be found.
security: problem decoding
I want to set the default keychain using cli
security default-keychain -s "/Users/ted/Library/Keychains/login.keychain-db"
Found it in
man security
A certificate is required to connect my SonarQube server. I have installed the SonarLint plugin, but it does not have any option to add certificates to connect my SonarQube server. It has only URL, username , password options. Is there any way to set certificates ?
SonarLint does not permit the configuration of certificates, but you can add certificate to JRE or JDK.
https://docs.oracle.com/javase/tutorial/security/toolsign/rstep2.html
Copied text from the Oracle documentation:
Import the Certificate as a Trusted Certificate
Before you can grant the signed code permission to read a specified file, you need to import Susan's certificate as a trusted certificate in your keystore.
Suppose that you have received from Susan
the signed JAR file sCount.jar, which contains the Count.class file, and
the file Example.cer, which contains the public key certificate for the public key corresponding to the private key used to sign the JAR file.
Even though you created these files and they haven't actually been transported anywhere, you can simulate being someone other than the creater and sender, Susan. Pretend that you are now Ray. Acting as Ray, you will create a keystore named exampleraystore and will use it to import the certificate into an entry with an alias of susan.
A keystore is created whenever you use a keytool command specifying a keystore that doesn't yet exist. Thus we can create the exampleraystore and import the certificate via a single keytool command. Do the following in your command window.
Go to the directory containing the public key certificate file Example.cer. (You should actually already be there, since this lesson assumes that you stay in a single directory throughout.)
Type the following command on one line: keytool -import -alias susan -file Example.cer -keystore exampleraystore
Since the keystore doesn't yet exist, it will be created, and you will be prompted for a keystore password; type whatever password you want.
The keytool command will print out the certificate information and ask you to verify it, for example, by comparing the displayed certificate fingerprints with those obtained from another (trusted) source of information. (Each fingerprint is a relatively short number that uniquely and reliably identifies the certificate.) For example, in the real world you might call up Susan and ask her what the fingerprints should be. She can get the fingerprints of the Example.cer file she created by executing the command
keytool -printcert -file Example.cer
If the fingerprints she sees are the same as the ones reported to you by keytool, the certificate has not been modified in transit. In that case you let keytool proceed with placing a trusted certificate entry in the keystore. The entry contains the public key certificate data from the file Example.cer and is assigned the alias susan.
have installed the gpg4win version 2.2. I have Successfully created the certificate using gpgsm --gen-key > test.p10
I want to export the created certificate request into pkcs12 format with gpgsm --export-secret-key-p12, but while exporting into p12 i get the error message "No Secret key"
When i run gpgsm --list-secret-keys on command prompt,it indeed displays nothing.
Why would the export step is fail? and where the secret keys are present while generating certificates?
I have Successfully created the certificate using gpgsm --gen-key > test.p10
GpgSM from gpg4win-2.x only can generate certificate signing requests.
It stores the secret part of your certificate under %APPDATA%\gnupg\private-keys-v1.d and prints out the signing request. That singing request is supposed to be sent to a Certificate Authority that signs your certificate (like cacert).
You then import the signed certificate and it will then show up unter --list-secret-keys and will be exportable.
With GnuPG 2.1 (can be downloaded as windows installer from gnupg.org) you are asked when generating a key if you want to selfsign it. In that case your "test.p10" would contain the signed certificate that you can then import into gpgsm and use / export it directly without the need for a CA.
Error Message: Cannot import the following key file: . The key file may be password protected. To correct this, try to import the certificate again or import the certificate manually into the current user’s personal certificate store.
Some said to use following command to fix it, though mine doesn't return a container name, so I am not sure how to run this command. We don't have a password in the certificate at all.
sn -i companyname.pfx VS_KEY_3E185446540E7F7A