I have an apk. I am trying to upload the new apk in publish console.As per the google rules we have to app signing. I have choose
export and upload a key from a Java keystore and i have download the pepk tool and then i have copied the below command
java -jar pepk.jar --keystore=foo.keystore --alias=foo --output=F:\Java\bin --encryptionkey=eb10fe8f7c7c9df715022017b00c6471f15022017b00c64715022017b00c647f4ba4fe93fc8cef
Note: the encryption key is i have typed manually. For Security purpose i did not posted it.
When i run the above command in command prompt. It asks for keystore password. I have entered the keystore password. after it asks for alias password. I did not set any alias password. If i did not enter anything and then i click enter itsef. It says error.
Error: Unable to export or encrypt the private key...
how to solve this error.
You need find out the alias from keystore file.
keytool -list -v -keystore keystore.jks
remember the
keystore.jks file where it is actually located (path).
If you run the above command in the console. show you the output like that.
Now you have the alias from certificate and you can then run the above command easily. I hope this will help you out.
Regards,
Related
Could not create script recorder - see log for details: >> keytool error: java.secuirity.KeyStoreException: jks not found <<
Command failed, code: 1
'keytool -genkeypair - alias : root_ca:-dname "CN= _JMeter Root for CA for recording (INSTALL ONLY IF IT S YOURS ), OU= Username: ujala , C=IN" -keyalg RSA -keystore proxyserver .jks -storepass {redacted}-keypass {redacted}-validity 7 - ext bc:c'
How to solve this error during the recording controller in JMeter???
If you properly installed JMeter and Java you should not see error like this, at least I have never faced anything similar.
The fact that keytool application cannot detect jks keystore type which is the default type indicates that something is wrong with your Java installation so I would recommend reinstalling JDK from scratch.
My expectation is that it should resolve your issue. If it doesn't - check whether you (or somebody else) amended any default Test Script Recorder certificate configuration. If the values differ from defaults - try reverting them (or even reinstalling JMeter)
Also be aware of an alternative way of recording a JMeter test: JMeter Chrome Extension, in this case you won't need to think about proxies and certificates
I'm running a JBOSS EAP 7.3 server and trying to add a private key to the elytron keystore.
The following works:
$JBOSS_HOME/bin/jboss-cli.sh --connect --command=/subsystem=elytron/credential-store=keystore:add-alias(alias='keyalias', secret-value='password')
But the issue here is the password is shown in plain text on the command line. I attempted to manually add the key using the keytool command:
keytool -importpass -alias 'keyalias' -v -keystore $JBOSS_HOME/keystore.p12 -storetype pkcs12
Which then prompts me to enter the keystore password and the key as I want, but trying to reference this key in the server results in the following error:
{ "outcome" => "failed", "failure-description" => {"WFLYCTL0080: Failed services" => { Caused by: org.jboss.as.controller.OperationFailedException: WFLYELY00920: Credential alias 'keyalias' of credential type 'org.wildfly.security.credential.PasswordCredential' does not exist in the store [ \"WFLYELY00920: Credential alias 'keyalias' of credential type 'org.wildfly.security.credential.PasswordCredential' does not exist in the store\" ]"}}, "rolled-back" => true, "response-headers" => {"process-state" => "reload-required"} }
Is it possible to add elytron keys via the keystore tool? Or is it possible to add the key in a way such that the plaintext value isn't exposed on the command line?
I'm new to JBOSS and having trouble finding resources on this particular topic. Thanks
I think JBOSS does additional changes to the stored values, so it is not possible to use the KeyTool.
If you're only concerned about the plaintext showing up in the shell history, you could use a HISTIGNORE environment variable to ignore commands that relate to showing passwords. At least then there won't be plaintext passwords in the history.
Hope this helps!
You could use elytron-tool.sh with a masked password or even not provide password with a command and prompt will ask for it
I am trying to install the version 2.162 of the open source Jenkins. The Jenkins successfully came up but, when I go to Manage Jenkins-> Manage Plugins, I see following error:
I've done some search and see this problem is regarding the certificate issue
There were errors checking the update sites: SSLHandshakeException:
sun.security.validator.ValidatorException: PKIX path building failed: > sun.security.provider.certpath.SunCertPathBuilderException: unable to > find valid certification path to requested target
In the keystore, which website certs should I add so that jenkins can donwload the plugins from?
I was able to solve this from Jenkins UI very easy to login to Jenkins with Admin
Manage Jenkins
Manage Plugins
Advance (Under the Manage Plugins)
Change URL from https to http and click on Submit
In the Last click on Check Now
You have to configure JENKINS update-site CA-s certificates in your JENKINS java store. Just get those certificates (you can get it from your browser accessing update-site URL) and add it to your java store (java store path: $JAVA_HOME/jre/lib/security/cacerts)
To fix this you need to download all the certificates used by all the sites related to the update plugin process in Jenkins.
Typically:
get.jenkins.io.cer
mirror.gruenehoelle.nl.cer
updates.jenkins.io.cer
There may be more. As you install a plugin. If it fails. Just repeat the process to download the certificate and add it to your keystore.
> Example: keytool -import -alias mirrorgruen -keystore
> $JAVA_HOME/jre/lib/security/cacerts -file ./mirror.gruenehoelle.nl.cer
This worked on MACOSx. Tip: Unless you've changed it. Use the default password of 'changeit' when prompted to type in your password.
Finally restart Jenkins - then attempt to install the plugins. That should turn the results green.
I think the answer here might solve your problem, sounds like the same issue:
Resolving javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed Error?
You should have latest version of JDK.
I faced same issue and it was because while installing I used jdk1.8.0_241 instead of Java 2.91. And here I ended up in all kind of issues.
First I need to move to http from https (Solution above) and then still got same error while installing plugin.
To resolve this , you can see which Java version your Jenkins is referring, in your Jenkins installation HOME folder, under file named Jenkins.xml. Search for following line -
C:\Program Files\Java\jre1.8.0_291\bin\java.exe
if it is outdated, update it, JDK 1.8.291 worked like a charm for me !
This JIRA ticket helped me in getting to root cause of this -
https://issues.jenkins.io/browse/JENKINS-63515
I was using java version "1.8.0_91" when getting the SSL handshake error. Problem got solved after following instructions followed to upgrade Java to version 11
I downloaded jdk version 11.0.14 from https://www.oracle.com/java/technologies/downloads/#java11 and installed it
Also installed fontconfig using
yum install fontconfig
Modified below in /etc/init.d/jenkins with path of Java 11. Ex - /root/jdk-11.0.14/bin/java . Gave 755 permission to all folders and files in path /root/jdk-11.0.14/bin/java
Also configured update site in Jenkins configuration as
http://updates.jenkins-ci.org/update-center.json
If your problem is still not solved with above changes and if you are using a proxy where proxy is giving its own SSL certificate instead of original certficate of the website then below steps will be needed.
Add your HTTP proxy certificate (Get it from your IT team. Or access Jenkins update site in your laptop using same proxy and export certificate from browser as base64 cer file) to trusted certificates using below commands. Put the exported certificates in cer file in linux using vim. Make sure to give 755 permission for all folders and files in below paths so that jenkins user can read them.
CA cert paths
/root/jdk-11.0.14/jre/lib/security/cacerts
/root/jdk-11.0.14/lib/security/cacerts
keytool -import -noprompt -trustcacerts -alias proxy3 -file /root/proxy1.cer -keystore /root/jdk-11.0.14/lib/security/cacerts -storepass changeit -keypass changeit
keytool -import -noprompt -trustcacerts -alias jenkins3 -file /root/jenkins1.cer -keystore /root/jdk-11.0.14/lib/security/cacerts -storepass changeit -keypass change
configured /etc/sysconfig/jenkins with
ENKINS_HTTPS_KEYSTORE="/root/jdk-11.0.14/lib/security/cacerts"
JENKINS_HTTPS_KEYSTORE_PASSWORD="changeit"
Modified below in /etc/init.d/jenkins
candidates="
/root/jdk-11.0.14/bin/java
PARAMS="--logfile=/var/log/jenkins/jenkins.log --webroot=/var/cache/jenkins/war -Djavax.net.ssl.trustStore=/root/jdk-11.0.14/lib/security/cacerts"
Just a small hack. Update the URL in the file "hudson.model.UpdateCenter.xml" from https to http
<?xml version='1.1' encoding='UTF-8'?>
<sites>
<site>
<id>default</id>
<url>http://updates.jenkins.io/update-center.json</url>
</site>
</sites>
Background: I have an ongoing problem with a Connection Failure error message when I try connecting to an API using CFHTTP. While reviewing the API in SoapUI I noticed there was a button SSL Info (3 certs) which is outlined below. When I click the button a window of copy pops up with the headlines outlined below.
"SSL Info (3 certs)"
CipherSuite:
PeerPrincipal
Peer Certificate 1:
Peer Certificate 2:
Peer Certificate 3:
I have a feeling these are the key to getting my application to connect and pull the JSON correctly.
Question: How or Where do I install this cert information. Should I copy all 310 lines in the window with the cert information and place it in new file and save it somewhere?
Any info would be great.
I have answered the question of installing certificates before. Here are the steps again to save you from searching...
If you are using cfhttp to connect via SSL (https) then the ColdFusion server definitely needs the certificate installed to successfully connect. Here is a previous answer that I gave on a similar issue:
Here are the steps you need to perform in order to install the certificate to the Java keystore for ColdFusion. First, be sure you are updating the correct cacerts file that ColdFusion is using. In case you have more than one JRE installed on that server. You can verify the JRE ColdFusion is using from the administrator under the 'System Information'. Look for the Java Home line.
The default truststore is the JRE's cacerts file. This file is typically located in the following places:
Server Configuration:
cf_root/runtime/jre/lib/security/cacerts
Multiserver/J2EE on JRun 4 Configuration:
jrun_root/jre/lib/security/cacerts
Sun JDK installation:
jdk_root/jre/lib/security/cacerts
Consult documentation for other J2EE application servers and JVMs
In order to install the certificate you need to first get a copy of the certificate. This can be done by using Internet Explorer. Note that different versions of Internet Explorer will behave slightly differently but should be very similar to these steps. For example, earlier versions of IE might save the certificate under a different tab than I mention.
Browse to the SSL URL in Internet Explorer - https://xyz/infoLookup.php?wsdl.
View the certificate by clicking on the lock icon and clicking view certificate
Then click the Install Certificate... button (note: if you do not see this button you must close IE and run it as administrator first)
Click on IE's Internet Options and click the Content tab
Click the Certificates button
Find the server's certificate under the Intermediate Certification Authorities tab, select the cert and click the Export... button
Export using DER format
Copy the exported certificate file to your ColdFusion server (you can delete the cert from IE if you want)
Run cmd prompt as administrator on the ColdFusion server
Make a backup of the original cacerts file in case you run into issues
The keytool is part of the Java SDK and can be found in the following places:
Server Configuration:
cf_root/runtime/bin/keytool
Multiserver/J2EE on JRun 4 Configuration:
jrun_root/jre/bin/keytool
Sun JDK installation:
jdk_root/bin/keytool
Consult documentation for other J2EE application servers and JVMs
To install the cert:
Change directory to your truststore's location (where the cacerts file is located)
Type this command (use current jvm and use current jvm's keytool) "c:\program files\java\jre7\bin\keytool" -import -v -alias your_cert_alias_name -file C:\wherever_you_saved_the_file\cert_file.cer -keystore cacerts -storepass changeit
Type yes at the prompt to "Trust this certificate?"
Note: your_cert_alias_name I used above can be whatever you want
Note: C:\wherever_you_saved_the_file\cert_file.cer change these values to whatever you use for the server folder and certificate file name
To verify the cert:
Type this command (use current jvm and use current jvm's keytool) "c:\program files\java\jre7\bin\keytool" -list -v -keystore cacerts -alias your_cert_alias_name -storepass changeit
Note: your_cert_alias_name use the same name here that you used above to install the cert
Restart the ColdFusion service It will not read the updated cacerts file until you do this.
You can delete the imported certificate file from the server if you wish.
I am trying to make a X.509 certificate. I am using makecert.exe to make this. I use this command to make my X.509 certificate
makecert.exe -sr LocalMachine -ss My -a sha1 -n CN=MyServerCert -sky exchange –pe
But i don`t know there X.509 certificate is storeing.
I need to use this X.509 certificate in my c# code. The code is :
host.Credentials.ServiceCertificate.Certificate = new X509Certificate2("MyServerCert.p12", "password");
But i don`t know what is password and it throw this exception "The system cannot find the file specified."
I always use the SelfCert tool from PluralSight. You can download it here. The same pages also give usage and code examples.
Great free tool, can't do without it.
It is nice that you have find that makecert command but perhaps if you would also check makecert documentation you have found where the certificate is stored because it is defined in the paramaters of your command:
sr says that certificate will be generated for LocalMachine store location
ss says that certificate will be stored in Personal (My) store
The certificate is stored in certificate store so use MMC.exe to find it:
Open Start menu
In Search / Run type mmc and run it
In File menu select Add / Remove snap-in
Select Certificates snap-in with scope of Local computer and confirm selection
Now in Personal store for your LocalMachine select certificate called MyServerCert and from context menu select All Tasks > Export. During Exporting check that you want export private key but don't check extended security or private key deletion. You will also have to select path where exported certificate will be stored and password for access to a private key.
From VS command prompt you can also run this command which will do the export for you as well:
certutil.exe -privatekey -p password -exportpfx "MyServerCert" C:\Temp\MyServerCert.pfx
It should export your certificate with private key to Temp directory and password to certificate will be password.