how to sign APK with google upload key der file? - apk

after importing the der file to the key store as follow
keytool -keystore my-release-key.keystore -importcert
-file ~/Downloads/upload_cert.der -alias uploadcert
I get an error when trying to assemble release APK
trusted certificate entries are not password-protected
If I add
-protected
to the import, I geth
keytool error: java.lang.IllegalArgumentException: password can't be null
and if I pass the password after -protected I get usage help message.
not sure how to pass the password.
Any idea if I am on the right path to sign with google upload certificate der file ?

Got the same problem and password can't be null problem may be passed by editing the comment like:
keytool -keystore parkimayaz.keystore -importcert -file
~/Downloads/upload_cert.der -alias uploadcert -keypass "yourpass" -
storepass "yourpass"
Another info I used characters like (',#,^) on the password part which gave me some errors.
also please take a look at oracle keytool docs

Related

Getting "BCFKS KeyStore corrupted: MAC calculation failed." error

I have a jks file and when i run the command keytool -keystore db-ssl-truststore.jks -list , i get the error
keytool error: java.io.IOException: BCFKS KeyStore corrupted: MAC calculation failed.
It seems, that you created keystore in BCFS format using the Bouncy Castle library.
If you want to see it in human-readable format, you can specify -storetype, -provider and -providerpath options for keytool:
keytool -keystore keystore.bckfs -storetype BCFKS -providerpath "bc-fips-1.0.2.jar" -provider org.bouncycastle.jcajce.provider.BouncyCastleFipsProvider -list -v

org.opensaml.common.SAMLRuntimeException: Can't obtain SP signing key

Unable to go through realm discovery phase. While the samples code works good with IDP SSO circle. Facing issues when updated our securityContext.xml with our Company's Metadata.xml , imported pfx certificate and added to keystore.
Used below command to add to keystore :
keytool -importkeystore -srckeystore PFX_P12_FILE_NAME -srcstoretype pkcs12 -srcstorepass PFX_P12_FILE_PASS -srcalias SOURCE_ALIAS -destkeystore samlKeystore.jks -deststoretype jks -deststorepass nalle123 -destalias alias
PFB Exception Trace :
org.opensaml.common.SAMLRuntimeException: Can't obtain SP signing key
at org.springframework.security.saml.key.JKSKeyManager.getCredential(JKSKeyManager.java:193)
at org.springframework.security.saml.metadata.MetadataGenerator.getServerKeyInfo(MetadataGenerator.java:205)
at org.springframework.security.saml.metadata.MetadataGenerator.buildSPSSODescriptor(MetadataGenerator.java:329)
at org.springframework.security.saml.metadata.MetadataGenerator.generateMetadata(MetadataGenerator.java:189)
at org.springframework.security.saml.metadata.MetadataGeneratorFilter.processMetadataInitialization(MetadataGeneratorFilter.java:127)
at org.springframework.security.saml.metadata.MetadataGeneratorFilter.doFilter(MetadataGeneratorFilter.java:86)
and console messages as below :
No default metadata configured, generating with default values, please pre-configure metadata for production use
Unable to retrieve keystore entry for entityID (keystore alias): apollo
Check for invalid keystore entityID/alias entry password
Used the entityBaseURL as the end party url shared with client. Also tried with entity id that appears in metadata.xml.
Any help is truly appreciated.
While using self-signed Keystore using keytool command, key-pair password (specified for keytool option -keypass) and keystore file password must be same.
We can create self-signed Keystore using below command
keytool -genkeypair -alias springsaml -keypass <password> -keystore saml-keystore.jks
when receive message "Enter keystore password" on terminal, enter the same password, which is provided for keytool option "-keypass"

How to add a *.P12 keystore (with one entry)?

Apologies for my lack of understanding of certificates in general. I have a .p12 file (with a non-expired certificate) and a valid password so I can list the contents using:
keytool -list -keystore file.p12 -storepass password -storetype PKCS12 -v
In my Java code I am attempting an HTTPS post but keep getting this error:
javax.net.ssl.SSLHandshakeException: java.security.cert.CertificateException: No name matching [host.path.com] found
This same post works against one of my other environments which does not have any authentication required and the link is HTTP (vs. HTTPS). How do I make this .p12 file work for it to be recognized in the handshake?
You could use the following command
keytool -v -importkeystore -srckeystore alice.p12 -srcstoretype PKCS12 -destkeystore "c:\Program Files\Java\jre1.8.0_71\lib\security\cacerts" -deststoretype JKS
Default password for your cacerts will be changeit
Where trust store will be your JRE trust store
Please refer here for more information
http://www.webfarmr.eu/2010/04/import-pkcs12-private-keys-into-jks-keystores-using-java-keytool/

Record function in Jmeter results in a error message

I recently downloaded and installed Jmeter 2.11. afterwards I tried the record functionality of the program, but that resulted in an error message:
“Could not create script recording proxy – see log for detail”.
I have try modifying the “environment variables”, but that does not help.
In the Log from the application the following message was shown.
2014/08/19 10:23:02 WARN - jmeter.protocol.http.proxy.ProxyControl: Could not open/read key store C:\apache-jmeter-2.11\bin\proxyserver.jks (The system cannot find the file specified)
2014/08/19 10:23:02 INFO - jmeter.protocol.http.proxy.ProxyControl: Creating Proxy CA in C:\apache-jmeter-2.11\bin\proxyserver.jks
2014/08/19 10:23:02 ERROR - jmeter.protocol.http.proxy.ProxyControl: Could not initialise key store java.io.IOException: Command :'keytool -genkeypair -alias :root_ca: -dname "CN=_ DO NOT INSTALL unless this is your certificate (JMeter root CA), OU=Username: TATG, C=US" -keyalg RSA -keystore proxyserver.jks -storepass {redacted) -keypass {redacted) -validity 7 -ext bc:c' failed, code: 1
Illegal option: -ext
Try keytool -help
at org.apache.jorphan.exec.KeyToolUtils.genkeypair(KeyToolUtils.java:168)
at org.apache.jorphan.exec.KeyToolUtils.generateProxyCA(KeyToolUtils.java:230)
I notice the proxyserver.jks is missing under the bin directory.
How can I resolve this problem or get a copy of this file(ie. hack the directory)?
Read this, it answers exactly this issue:
https://wiki.apache.org/jmeter/TestRecording210

I need to certificates using keystore file having an extension ".store" provided from client supported by tibco BW project

Using the "server.store" file provided by the customer i need to create the certificate and the password for the keystore and also i need to know what format does the "server.store" has been provided. PKS or PEM format? how do i check the format from the existing "server.store" file.
assuming that your server.store is a keystore,
did you try with keytool?
You should be able to list the certificates with:
keytool -list -v -keystore server.store
and export with
keytool -export -alias mydomain -file mydomain.crt -keystore server.store
then you can export the certificate and convert it between format following one of the many tutorials on the web.
A couple of useful links:
http://support.citrix.com/article/CTX106631
http://www.sslshopper.com/article-most-common-java-keytool-keystore-commands.html
HTH.

Resources