How to add a *.P12 keystore (with one entry)?

Apologies for my lack of understanding of certificates in general. I have a .p12 file (with a non-expired certificate) and a valid password so I can list the contents using:
keytool -list -keystore file.p12 -storepass password -storetype PKCS12 -v
In my Java code I am attempting an HTTPS post but keep getting this error:
javax.net.ssl.SSLHandshakeException: java.security.cert.CertificateException: No name matching [host.path.com] found
This same post works against one of my other environments which does not have any authentication required and the link is HTTP (vs. HTTPS). How do I make this .p12 file work for it to be recognized in the handshake?

You could use the following command
keytool -v -importkeystore -srckeystore alice.p12 -srcstoretype PKCS12 -destkeystore "c:\Program Files\Java\jre1.8.0_71\lib\security\cacerts" -deststoretype JKS
The default password for your cacerts will be changeit
where the trust store will be your JRE trust store.
Please refer here for more information
http://www.webfarmr.eu/2010/04/import-pkcs12-private-keys-into-jks-keystores-using-java-keytool/
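As an added example (not code from the question or the answer), the client side of this in Java: it loads file.p12 as the KeyManager so the private key and certificate are presented when the server requests client authentication, and keeps the JRE's default trust store and default hostname verification in place. The request path and body are placeholders. One caveat worth knowing before importing anything into cacerts: the "No name matching [host.path.com] found" error is raised by hostname verification of the server's certificate, which compares the URL host against the certificate's subject alternative names; importing a client .p12 into a trust store does not change that check, so the fix is a server certificate that names host.path.com, not a weaker verifier.

```java
import java.io.FileInputStream;
import java.io.InputStream;
import java.net.URL;
import java.nio.charset.StandardCharsets;
import java.security.KeyStore;
import javax.net.ssl.HttpsURLConnection;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLContext;
import javax.net.ssl.TrustManagerFactory;

public class P12HttpsClient {

    /** Build an SSLContext whose client identity comes from a PKCS12 file. */
    static SSLContext contextFromP12(String p12Path, char[] password) throws Exception {
        KeyStore keyStore = KeyStore.getInstance("PKCS12");
        try (InputStream in = new FileInputStream(p12Path)) {
            keyStore.load(in, password);
        }

        // KeyManager: hands our private key and certificate chain to the server
        // when it asks for client authentication during the handshake.
        KeyManagerFactory kmf = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
        kmf.init(keyStore, password);

        // TrustManager: a null KeyStore means the JRE default trust store
        // (lib/security/cacerts, or whatever -Djavax.net.ssl.trustStore points at).
        TrustManagerFactory tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init((KeyStore) null);

        SSLContext ctx = SSLContext.getInstance("TLS");
        ctx.init(kmf.getKeyManagers(), tmf.getTrustManagers(), null);
        return ctx;
    }

    public static void main(String[] args) throws Exception {
        // file.p12, "password" and host.path.com come from the question; "/endpoint" is a placeholder.
        SSLContext ctx = contextFromP12("file.p12", "password".toCharArray());
        URL url = new URL("https://host.path.com/endpoint");
        HttpsURLConnection conn = (HttpsURLConnection) url.openConnection();
        conn.setSSLSocketFactory(ctx.getSocketFactory());
        // The default HostnameVerifier is deliberately left untouched: if the handshake
        // still fails with "No name matching host.path.com found", the server's
        // certificate does not list that host and must be reissued.
        conn.setRequestMethod("POST");
        conn.setDoOutput(true);
        conn.getOutputStream().write("payload".getBytes(StandardCharsets.UTF_8)); // placeholder body
        System.out.println("HTTP " + conn.getResponseCode());
    }
}
```

Run it with the .p12 in the working directory; a successful client-authenticated handshake ends with the server's HTTP status code, while a trust failure surfaces as a different exception (PKIX path building failed) from the name-mismatch error quoted in the question.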

Related

Getting "BCFKS KeyStore corrupted: MAC calculation failed." error

I have a JKS file and when I run the command keytool -keystore db-ssl-truststore.jks -list, I get the error
keytool error: java.io.IOException: BCFKS KeyStore corrupted: MAC calculation failed.
It seems that you created the keystore in BCFKS format using the Bouncy Castle library.
If you want to see it in human-readable format, you can specify -storetype, -provider and -providerpath options for keytool:
keytool -keystore keystore.bckfs -storetype BCFKS -providerpath "bc-fips-1.0.2.jar" -provider org.bouncycastle.jcajce.provider.BouncyCastleFipsProvider -list -v

SpringBoot fails to start due to jsse.alias_no_key_entry using JKS with GoDaddy signed certificate

I am trying to secure my SpringBoot server with SSL. I've generated a keystore and CSR. I received the intermediate and domain certificate from GoDaddy. I imported those into my keystore that was used to generate the CSR.
I used the following commands to generate the keystore and CSR.
keytool -genkey -alias server-alias -keyalg RSA -keysize 2048 -keystore keystore.jks -dname "CN=name,OU=Unit, O=Org, L=NoWhere, ST=NoWhere, C=CA"
keytool -certreq -alias server-alias -file domain.csr -keystore keystore.jks
In my SpringBoot application, I have the following configurations in my applications.properties file.
server.ssl.key-store-type=JKS
server.ssl.key-store=location/keystore.jks
server.ssl.key-store-password=password
server.ssl.key-alias=server-alias
security.require-ssl=true
I received the following exception cause on startup:
Caused by: java.io.IOException: jsse.alias_no_key_entry
at org.apache.tomcat.util.net.SSLUtilBase.getKeyManagers(SSLUtilBase.java:317)
at org.apache.tomcat.util.net.SSLUtilBase.createSSLContext(SSLUtilBase.java:239)
at org.apache.tomcat.util.net.AbstractJsseEndpoint.createSSLContext(AbstractJsseEndpoint.java:97)
... 20 common frames omitted
I would really appreciate any help. Thanks!
There seem to be (at least) a couple reasons that this can occur:
The keystore contains a cert but not a private key ... or at least not the right key. See How to resolve : java.io.IOException: jsse.alias_no_key_entry
You have simply configured the wrong alias; if you enter an alias that does not exist in the keystore, you will get this same error.
The alias being looked up needs to exist in the keystore, and the associated private key needs to exist there (not just the cert.) If those conditions aren't met, it will throw this error.

org.opensaml.common.SAMLRuntimeException: Can't obtain SP signing key

Unable to get through the realm discovery phase. While the sample code works well with the IDP SSO Circle, I am facing issues after updating our securityContext.xml with our company's Metadata.xml, importing the PFX certificate and adding it to the keystore.
Used the command below to add it to the keystore:
keytool -importkeystore -srckeystore PFX_P12_FILE_NAME -srcstoretype pkcs12 -srcstorepass PFX_P12_FILE_PASS -srcalias SOURCE_ALIAS -destkeystore samlKeystore.jks -deststoretype jks -deststorepass nalle123 -destalias alias
PFB exception trace:
org.opensaml.common.SAMLRuntimeException: Can't obtain SP signing key
at org.springframework.security.saml.key.JKSKeyManager.getCredential(JKSKeyManager.java:193)
at org.springframework.security.saml.metadata.MetadataGenerator.getServerKeyInfo(MetadataGenerator.java:205)
at org.springframework.security.saml.metadata.MetadataGenerator.buildSPSSODescriptor(MetadataGenerator.java:329)
at org.springframework.security.saml.metadata.MetadataGenerator.generateMetadata(MetadataGenerator.java:189)
at org.springframework.security.saml.metadata.MetadataGeneratorFilter.processMetadataInitialization(MetadataGeneratorFilter.java:127)
at org.springframework.security.saml.metadata.MetadataGeneratorFilter.doFilter(MetadataGeneratorFilter.java:86)
and console messages as below:
No default metadata configured, generating with default values, please pre-configure metadata for production use
Unable to retrieve keystore entry for entityID (keystore alias): apollo
Check for invalid keystore entityID/alias entry password
Used the entityBaseURL as the end party url shared with client. Also tried with entity id that appears in metadata.xml.
Any help is truly appreciated.
When using a self-signed keystore created with the keytool command, the key-pair password (specified with the keytool option -keypass) and the keystore file password must be the same.
We can create a self-signed keystore using the command below:
keytool -genkeypair -alias springsaml -keypass <password> -keystore saml-keystore.jks
When you receive the message "Enter keystore password" on the terminal, enter the same password that was provided for the keytool option "-keypass".

how to sign APK with google upload key der file?

After importing the DER file into the keystore as follows:
keytool -keystore my-release-key.keystore -importcert -file ~/Downloads/upload_cert.der -alias uploadcert
I get an error when trying to assemble the release APK:
trusted certificate entries are not password-protected
If I add
-protected
to the import, I get
keytool error: java.lang.IllegalArgumentException: password can't be null
and if I pass the password after -protected I get usage help message.
Not sure how to pass the password.
Any idea if I am on the right path to sign with the Google upload certificate DER file?
Got the same problem, and the "password can't be null" problem may be passed by editing the command like:
keytool -keystore parkimayaz.keystore -importcert -file ~/Downloads/upload_cert.der -alias uploadcert -keypass "yourpass" -storepass "yourpass"
Another note: I used characters like (',#,^) in the password, which gave me some errors.
Also, please take a look at the Oracle keytool docs.
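The three problems above (jsse.alias_no_key_entry in the Spring Boot question, "Unable to retrieve keystore entry for entityID (keystore alias)" in the SAML question, and "trusted certificate entries are not password-protected" in the APK question) share one root cause: the alias the application was pointed at is missing, is a trusted certificate entry with no private key behind it, or is a key entry whose key password is not the one the application was given. The following checker is an added example, not code from any of the answers; it opens a JKS or PKCS12 file with the KeyStore API and classifies one alias so the error can be matched to its cause. File path, store type, passwords and alias come from the command line.

```java
import java.io.FileInputStream;
import java.io.InputStream;
import java.security.Key;
import java.security.KeyStore;
import java.security.UnrecoverableKeyException;
import java.util.Collections;

public class KeystoreEntryCheck {

    /** What the alias turned out to be; each value maps to one of the errors discussed above. */
    enum Status {
        MISSING,                  // alias not in the store: jsse.alias_no_key_entry, "Unable to retrieve keystore entry"
        TRUSTED_CERT_ONLY,        // certificate without a private key: nothing here can sign a TLS handshake, SAML message or APK
        KEY_ENTRY_WRONG_PASSWORD, // private key exists but -keypass differs from the password the application uses
        KEY_ENTRY_OK              // usable private key entry
    }

    /** Load the store and classify one alias. storeType is "JKS" or "PKCS12". */
    static Status checkAlias(String path, String storeType, char[] storePass,
                             String alias, char[] keyPass) throws Exception {
        KeyStore ks = KeyStore.getInstance(storeType);
        try (InputStream in = new FileInputStream(path)) {
            ks.load(in, storePass);   // a wrong store password fails here with an IOException
        }
        if (!ks.containsAlias(alias)) {
            return Status.MISSING;
        }
        if (ks.isCertificateEntry(alias)) {
            return Status.TRUSTED_CERT_ONLY;   // what "keytool -importcert" of a .der/.crt produces
        }
        try {
            Key key = ks.getKey(alias, keyPass);
            return key == null ? Status.TRUSTED_CERT_ONLY : Status.KEY_ENTRY_OK;
        } catch (UnrecoverableKeyException e) {
            return Status.KEY_ENTRY_WRONG_PASSWORD;
        }
    }

    /** Usage: java KeystoreEntryCheck <file> <JKS|PKCS12> <storepass> <alias> [keypass] */
    public static void main(String[] args) throws Exception {
        String path = args[0], type = args[1], alias = args[3];
        char[] storePass = args[2].toCharArray();
        // Most servers (Tomcat, Spring SAML's JKSKeyManager) default the key password to the store password.
        char[] keyPass = args.length > 4 ? args[4].toCharArray() : storePass;

        // List every alias with its entry kind, the same facts "keytool -list" prints.
        KeyStore ks = KeyStore.getInstance(type);
        try (InputStream in = new FileInputStream(path)) {
            ks.load(in, storePass);
        }
        for (String a : Collections.list(ks.aliases())) {
            System.out.println(a + ": " + (ks.isKeyEntry(a) ? "key entry" : "trusted certificate entry"));
        }
        System.out.println(alias + " -> " + checkAlias(path, type, storePass, alias, keyPass));
    }
}
```

For the SAML case the alias list makes the mismatch visible at once: the import command above wrote the entry under "alias" while the application looked up "apollo". For the APK case, a store whose only entry is a trusted certificate entry cannot sign anything; the upload certificate is the public half, and signing needs the key pair the certificate was issued for.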

I need to certificates using keystore file having an extension ".store" provided from client supported by tibco BW project

Using the "server.store" file provided by the customer, I need to create the certificate and the password for the keystore, and I also need to know in what format the "server.store" has been provided. PKS or PEM format? How do I check the format from the existing "server.store" file?
Assuming that your server.store is a keystore, did you try with keytool?
You should be able to list the certificates with:
keytool -list -v -keystore server.store
and export with
keytool -export -alias mydomain -file mydomain.crt -keystore server.store
Then you can export the certificate and convert it between formats following one of the many tutorials on the web.
A couple of useful links:
http://support.citrix.com/article/CTX106631
http://www.sslshopper.com/article-most-common-java-keytool-keystore-commands.html
HTH.
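An added example, not part of either answer, that performs the format check asked for in the server.store question and also shows why the BCFKS store further up could not be read by a plain keytool -list: it inspects the file's leading bytes (JKS and JCEKS begin with fixed magic numbers, PEM is text, while PKCS12 and Bouncy Castle's BCFKS are both DER and so start with the same ASN.1 tag) and then tries the store types the JRE ships with. The file path and optional password are taken from the command line.

```java
import java.io.IOException;
import java.io.InputStream;
import java.nio.charset.StandardCharsets;
import java.nio.file.Files;
import java.nio.file.Paths;
import java.security.GeneralSecurityException;
import java.security.KeyStore;
import java.util.Arrays;
import java.util.Collections;

public class KeystoreFormatSniffer {

    /** Classify a keystore file from its leading bytes. */
    static String detect(byte[] head) {
        if (head.length >= 4) {
            int magic = ((head[0] & 0xff) << 24) | ((head[1] & 0xff) << 16)
                      | ((head[2] & 0xff) << 8) | (head[3] & 0xff);
            if (magic == 0xFEEDFEED) return "JKS";    // magic number of the Sun JKS format
            if (magic == 0xCECECECE) return "JCEKS";  // magic number of the SunJCE JCEKS format
        }
        String text = new String(head, StandardCharsets.US_ASCII);
        if (text.startsWith("-----BEGIN ")) return "PEM";
        // 0x30 is the ASN.1 SEQUENCE tag: the file is DER, which is how both PKCS12
        // and BCFKS are encoded, so the tag alone cannot tell the two apart.
        if (head.length > 0 && (head[0] & 0xff) == 0x30) return "DER (PKCS12 or BCFKS)";
        return "unknown";
    }

    /** Read the first bytes of a file and classify them. */
    static String detectFile(String path) throws IOException {
        byte[] head = new byte[16];
        int n;
        try (InputStream in = Files.newInputStream(Paths.get(path))) {
            n = in.read(head);
        }
        return detect(Arrays.copyOf(head, Math.max(n, 0)));
    }

    /** Try the built-in store types in turn; returns the first that loads, or null. */
    static String probe(String path, char[] password) {
        for (String type : new String[] {"PKCS12", "JKS", "JCEKS"}) {
            try (InputStream in = Files.newInputStream(Paths.get(path))) {
                KeyStore ks = KeyStore.getInstance(type);
                ks.load(in, password);
                return type + " (" + Collections.list(ks.aliases()).size() + " entries)";
            } catch (GeneralSecurityException | IOException e) {
                // wrong type or wrong password for this type; try the next one
            }
        }
        // Nothing built in could open it. A DER file that still fails here is a candidate
        // for BCFKS, which needs -storetype BCFKS plus the Bouncy Castle FIPS provider.
        return null;
    }

    /** Usage: java KeystoreFormatSniffer <file> [password] */
    public static void main(String[] args) throws Exception {
        String path = args[0];
        char[] password = args.length > 1 ? args[1].toCharArray() : null;
        System.out.println("header says: " + detectFile(path));
        String loaded = probe(path, password);
        System.out.println(loaded != null ? "loads as " + loaded : "not loadable with the built-in store types");
    }
}
```

The header check is the more precise signal: recent JDKs let the JKS KeyStore implementation open PKCS12 files transparently, so "loads as JKS" on its own does not prove the file is JKS, whereas the 0xFEEDFEED magic does. A file that reports "PEM" is not a keystore at all and can be imported with keytool -importcert rather than passed as -keystore.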
