I was creating an upload Keystore for my flutter project. after successful command run, It was showing this warning:
Enter key password for <upload>
(RETURN if same as keystore password):
Re-enter new password:
[Storing C:\Program Files\Android\Android Studio\jre\bin\keytool]
Warning:
The JKS keystore uses a proprietary format. It is The JKS keystore uses a proprietary format. It is recommended to migrate to PKCS12 which is an industry
The JKS keystore uses a proprietary format. It is The JKS keystore uses a proprietary format. It is recommended to migrate to PKCS12 which is an industry stan
The JKS keystore uses a proprietary format. It is The JKS keystore uses a proprietary format. It is recommended to migrate to PKCS12 which is an industry standard format
The JKS keystore uses a proprietary format. It is The JKS keystore uses a proprietary format. It is recommended to migrate to PKCS12 which is an industry standard format using "key
The JKS keystore uses a proprietary format. It is recommended to migrate to PKCS12 which is an industry standard format using "keytool -importkeystore -srckeystore C:\Program F
i The JKS keystore uses a proprietary format. It is recommended to migrate to PKCS12 which is an industry standard format using
The JKS keystore uses a proprietary format. It is recommended to migrate to PKCS12 which is an industry standard format using "keytool -importkeystore -srckeystore C:\Program
The JKS keystore uses a proprietary format. It is recommended to migrate to PKCS12 which is an industry standard format using "keytool -importkeystore -srckeystore C:\Pro
The JKS keystore uses a proprietary format. It is recommended to migrate to PKCS12 which is an industry standard format using "keytool -importkeystore -srckeystore C:\Pro
The JKS keystore uses a proprietary format. It is recommended to migrate to PKCS12 which is an industry standard format using "keytool -importkeystore -srckeystore C:\P
The JKS keystore uses a proprietary format. It is recommended to migrate to PKCS12 which is an industry standard format using "keytool -importkeystore -srckeystore C
The JKS keystore uses a proprietary format. It is recommended to migrate to PKCS12 which is an industry standard format using "keytool -importkeystore -s
The JKS keystore uses a proprietary format. It is recommended to migrate to PKCS12 which is an industry standard format using "keytool -importkey
store -srckeystore C:\Program Files\Android\AndroiThe JKS keystore uses a proprietary format. It is recommended to migrate to PKCS12 which is an industry standard format using "keytool -import
keystore -srckeystore C:\Program Files\Android\AndThe JKS keystore uses a proprietary format. It is recommended to migrate to PKCS12 which s an industry standard format using "keytool -impo
The JKS keystore uses a proprietary format. It is recommended to migrate to PKCS12 which is an industry standard format using "keytool -impS C:\Users\Rohit\Desktop\CIS634\multi_store_app>
im
The JKS keystore uses a proprietary format. It is recommended to migrate to PKCS12 which is an industry standard format using "keytoo-r
The JKS keystore uses a proprietary format. It is recommended to migrate to PKCS12 which is an industry standard format using "keytoodi
The JKS keystore uses a proprietary format. It is The JKS keystore uses a proprietary format. It is recommended to migrate to PKCS12 which is an i
The JKS keystore uses a proprietary format. It is recommended to migrate to PKCS12 which is an industry standard format using "keytool -importkeystore
y
pe pkcs12".
What to do now?
What has gone wrong?
Related
Good day! I created an API and want to use https access to it, for example: https: // localhost: 8243 / ssl / 1.0. Tell me where is the certificate for this API for him?
And the second question is, can I replace it with my own certificate?
Thanks!
You can create a new keystore using a cert you have. Please check - https://apim.docs.wso2.com/en/latest/install-and-setup/setup/security/configuring-keystores/keystore-basics/creating-new-keystores/#creating-new-keystores
openssl pkcs12 -export -in <certificate file>.crt -inkey <private>.key -name wso2carbon -certfile <additional certificate file> -out wso2.pfx
keytool -importkeystore -srckeystore wso2.pfx -srcstoretype pkcs12 -destkeystore wso2carbon.jks -deststoretype JKS
Then you can replace the existing wso2carbon.jks in repository/resources/security location.
I want to use SSL on my server, therefore I have bout an SSL certificate, however the certificate had two parts one of them is the intermediate.
Now how to create the keystore for them?
What I did is the following:
1- chained both certificates and put them in one file.
2- I have usedd the next command to generate the keystore from the (chained certificate)
keytool -import -alias tomcat -file myCertificate.crt -keystore keystore.p12 -storepass password
3- I have add this code into my spring boot:
server.ssl.key-store: C:/Program Files/Java/jdk1.8.0_231/bin/keystore.p12
server.ssl.key-store-password: password
server.ssl.keyStoreType: PKCS12
server.ssl.keyAlias: tomcat
But I am still having the next issue:
'Alias name [tomcat] does not identify a key entry'
From looking into google I have found out that the issu is my keystore is generating my certificate as trustedCertEntry instead of PrivateKeyEntry.
How to fix this and what am I missing?
I've a web server running on an ec2-instance which internally calls a REST server that is built using Spring Boot. Now, I am trying to get this REST server running under SSL. Here's what I've done so far:
1) Created a CSR & a key file using this command
openssl req -newkey rsa:2048 -nodes -keyout mydomain.key -out mydomain.csr
2) Copied 'csr' to get SSL certificate from GoDaddy.
3) Successfully installed the certificate under Nginx on my ec2-instance.
4) When I hit the home page under https, it works. I no longer get 'Not secure' message from the browser.
5) Login fails because it makes a REST call but REST server is not running under SSL so I am trying to get it running under SSL.
6) Ran following commands:
keytool -import -alias mydomain -keystore tomcat.keystore -trustcacerts -file mydomain.com.chained.crt
keytool -import -alias mydomain-key -keystore tomcat.keystore -trustcacerts -file mydomain.key
The previous command gives me an error message:
"keytool error: java.lang.Exception: Input not an X.509 certificate"
But this was the one created in step 1 above & the same file works under Nginx. What am I missing (other than the fact that I know very little about setting up SSLs!)? I need the second command to specify the value of 'server.ssl.keyAlias' in application.properties, I believe.
Not really an answer but overflowed comment.
You don't need to 'generate' an X.509 cert; you already got that from GoDaddy. If (and only if) the SpringBoot server is accessed by the same name(s) as (external) nginx -- which is unclear to me -- you need to convert the pair of private key AND certificate CHAIN from PEM format to a format Java uses. See:
How to import an existing x509 certificate and private key in Java keystore to use in SSL?
How can I set up a letsencrypt SSL certificate and use it in a Spring Boot application?
How to use .key and .crt file in java that generated by openssl?
Importing the private-key/public-certificate pair in the Java KeyStore
maybe Import key and SSL Certificate into java keystore
Thanks #Dave_thompson_085. Following 2 commands did the trick!
openssl pkcs12 -export -in mydomain.com.chained.crt -inkey mydomain.key -out keystore.p12 -name my-alias -caname root
keytool -importkeystore -deststorepass mypassword -destkeypass mypassword -destkeystore keystore.jks -srckeystore keystore.p12 -srcstoretype PKCS12 -srcstorepass mypassword -alias my-alias
and then in the application.properties I specified following properties:
server.port=8443
server.ssl.enabled=true
security.require-ssl=true
server.ssl.key-store=/etc/nginx/ssl/keystore.jks
server.ssl.key-store-password=mypassword
server.ssl.keyStoreType=JKS
server.ssl.keyAlias=my-alias
I took sample webapp from https://github.com/vdenotaris/spring-boot-security-saml-sample and it is working file. Later. I tried to connect kennisnet staging environment.
Kennisnet details here
https://developers.wiki.kennisnet.nl/index.php?title=KNF:Hoofdpagina/en
I updated metadata which is downloadable from this url https://hub-s.entree.kennisnet.nl/openaselect/profiles/saml2/
I generated smalKeyStore.jks using below commands
keytool -genkey -alias tomcat -keyalg RSA -keystore samlKeyStore.jks
keytool -importkeystore -srckeystore samlKeyStore.jks -destkeystore
samlKeyStore.jks -deststoretype pkcs12
I followed all Spring SAML https threads in stackoverflow and not able to figure it out this issue.
LOGS:
Add the certificate to your JDK so that your application can get the metadata from URL https://aselect-s.entree.kennisnet.nl/openaselect/profiles/saml2.
These are the steps you need to fillow:
Download the certificate for aselect-s.entree.kennisnet.nl
Import the certificate to your JDK/JRE using this command:
keytool -keystore #path to java_home#/lib/security/cacerts -importcert -alias #anything relevent# -file #path to certificate#
Make sure your server is using same java_home where you are importing the certificate, also verify the subjectname in the certificate before importing, it must be "CN = *.entree.kennisnet.nl"
Restart the server.
I am trying to establish SSL connection between spring boot application and GCP MySQL instance.
For that have generated and downloaded 'client-cert.pem', 'client-key.pem' and
'server-ca .pem' from GCP.
Followed below steps:
Step 1: generated 'my-cert.p12' file
openssl pkcs12 -export -in client-cert.pem -inkey client-key.pem -out my-cert.p12
Step 2 : imported 'my-cert.p12' file
keytool -importkeystore -srckeystore D:\my-cert.p12 -destkeystore ./cacerts -srcstoretype PKCS12 -deststorepass changeit
setp 3 : converted 'server-ca.pem' to 'server-ca.der'
openssl x509 -in server-ca.pem -inform pem -out server-ca.der -outform der
step 4 : imported 'server-ca.der'
keytool -importcert -alias gcp-mysql-ca -keystore ./cacerts -storepass changeit -file D:\server-ca.der
step 5: configured spring boot application.properties file:
spring.datasource.url= jdbc:mysql://xxx.xxx.xxx.xxx:3306/xxx?useUnicode=true&characterEncoding=utf8&useSSL=true&requireSSL=true
When I run spring boot application, getting below exception:
Caused by: java.sql.SQLException: Access denied for user
'root'#'XXX.XXX.XXX.XX' (using password: YES)
Can anyone suggest a good way to install GCP MySQL SSL certificate and configure it in Spring Boot application?
Have you considered using the Spring Cloud GCP SQL integration?
You could use a Google OAuth2 credential and Spring Cloud GCP would take care of the rest.
https://github.com/spring-cloud/spring-cloud-gcp
https://docs.spring.io/spring-cloud-gcp/docs/1.0.0.M2/reference/htmlsingle/#_spring_jdbc