Retrieve .csr file from jks/cer file - ssl-certificate

I want to retrieve the CSR file from a jks or cer file (I have lost the .csr file). Please let me know if it's possible with the keytool command.

You cannot generate a certificate request from a certificate file. You can only do it for a KeyPair that is in your keystore (jks). You can run this keytool command to generate a CSR (PKCS#10):
keytool -certreq -keystore [KEYSTORE_PATH] -storepass [KEYSTORE_PASSWORD] -alias [KEYPAIR_ALIAS] -file [CSR_FILE]
You can see the content of the csr you generated by using the below command.
keytool -printcertreq -file [CSR_FILE]
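To find which alias to pass to -certreq when only the issued .cer and the keystore are left, the following added example (not part of the original answer) looks for a key entry whose public key equals the one in the certificate. The class name, the KEYSTORE_PASS environment variable and the argument order are assumptions made for this sketch.

```java
import java.io.File;
import java.io.FileInputStream;
import java.io.InputStream;
import java.security.KeyStore;
import java.security.cert.Certificate;
import java.security.cert.CertificateFactory;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Collections;
import java.util.List;

public class FindCsrAlias {
    // Aliases of key entries whose public key equals the one in the issued certificate.
    static List<String> matchingKeyAliases(KeyStore ks, Certificate issued) throws Exception {
        byte[] wanted = issued.getPublicKey().getEncoded();
        List<String> hits = new ArrayList<>();
        for (String alias : Collections.list(ks.aliases())) {
            Certificate own = ks.getCertificate(alias);
            // Trusted-certificate entries hold no private key, so they cannot sign a CSR.
            if (ks.isKeyEntry(alias) && own != null
                    && Arrays.equals(own.getPublicKey().getEncoded(), wanted)) {
                hits.add(alias);
            }
        }
        return hits;
    }

    public static void main(String[] args) throws Exception {
        // Assumption: the store password comes from the environment, not the command line.
        String pass = System.getenv("KEYSTORE_PASS");
        if (args.length != 2 || pass == null) {
            System.err.println("usage: KEYSTORE_PASS=... java FindCsrAlias <keystore> <certificate.cer>");
            System.exit(2);
        }
        // getInstance(File, char[]) detects the keystore type itself (Java 9+).
        KeyStore ks = KeyStore.getInstance(new File(args[0]), pass.toCharArray());
        Certificate issued;
        try (InputStream in = new FileInputStream(args[1])) {
            issued = CertificateFactory.getInstance("X.509").generateCertificate(in);
        }
        List<String> hits = matchingKeyAliases(ks, issued);
        if (hits.isEmpty()) {
            System.out.println("no key pair here matches the certificate; its CSR cannot be regenerated");
        }
        for (String alias : hits) {
            System.out.println("matching key pair under alias: " + alias);
        }
    }
}
```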

Related

Generate truststore from certificates found in keystore

Hi all, I have a keystore A and want to create a truststore B. Now all the certificates are stored in A; I assume I would have to extract each certificate into its own .crt file and then
keytool -import -file C:\cascerts\firstCA.cert -alias firstCA -keystore myTrustStore
for each certificate. This can be quite a chore. Is there an easier way, given a keystore A, to create a truststore B?
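One way to do this in a single pass with the KeyStore API, as an added example that is not part of the original post: it copies only certificates into a new store, whereas keytool -importkeystore would also carry any private keys across. The class name and the SRC_STOREPASS and TRUST_STOREPASS environment variables are assumptions.

```java
import java.io.File;
import java.io.FileOutputStream;
import java.io.OutputStream;
import java.security.KeyStore;
import java.security.cert.Certificate;
import java.util.Collections;

public class BuildTrustStore {
    // Copy every certificate from src into a new, empty store. Private keys are
    // never read, so no key password is needed and no key can end up in the result.
    static KeyStore certificatesOnly(KeyStore src) throws Exception {
        KeyStore trust = KeyStore.getInstance(KeyStore.getDefaultType());
        trust.load(null, null); // a null stream initialises an empty keystore
        for (String alias : Collections.list(src.aliases())) {
            // For a key entry this returns the first certificate of its chain.
            Certificate cert = src.getCertificate(alias);
            if (cert != null) {
                trust.setCertificateEntry(alias, cert);
            }
        }
        return trust;
    }

    public static void main(String[] args) throws Exception {
        // Assumed inputs: two paths as arguments, passwords in environment variables.
        String srcPass = System.getenv("SRC_STOREPASS");
        String trustPass = System.getenv("TRUST_STOREPASS");
        if (args.length != 2 || srcPass == null || trustPass == null) {
            System.err.println("usage: SRC_STOREPASS=... TRUST_STOREPASS=... "
                    + "java BuildTrustStore <keystoreA> <truststoreB>");
            System.exit(2);
        }
        File out = new File(args[1]);
        if (out.exists()) {
            System.err.println("refusing to overwrite " + out);
            System.exit(1);
        }
        // getInstance(File, char[]) detects the keystore type itself (Java 9+).
        KeyStore src = KeyStore.getInstance(new File(args[0]), srcPass.toCharArray());
        KeyStore trust = certificatesOnly(src);
        try (OutputStream os = new FileOutputStream(out)) {
            trust.store(os, trustPass.toCharArray());
        }
        System.out.println("wrote " + trust.size() + " certificate entries to " + out);
    }
}
```

Listing the result with keytool -list should show only trustedCertEntry items.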

How, having IIS pfx with L1K, create CSR for L1M and have cert returned compatible with Tomcat?

I have an IIS server with a pfx containing an L1K cert. I need to request a new L1M cert for it, AND will also need to be able to import the returned cert into a Java keystore, as the URL in question will move from IIS to Apache Tomcat.
Help!
I think I found the way to do this.
*credit to this site:
https://www.jamf.com/jamf-nation/discussions/4646/converting-a-windows-pfx-or-windows-pkcs12-keystore-to-a-jks-keystore
1 - use keytool to import PFX into JKS
keytool -importkeystore -srckeystore .pfx -srcstoretype pkcs12 -destkeystore .jks -deststoretype JKS
2 - get details such as Alias from PFX file
keytool -v -list -storetype pkcs12 -keystore .pfx
3 - generate CSR file from new JKS file
keytool -certreq -alias -keystore .jks -file .csr -storepass
So far the resulting CSR files are validated successfully by my CA Authority's online tool.

How to remove all certificates from cacerts?

I know I may use
keytool -delete -alias alias -keystore .keystore
to remove some certificates from certificate storages. But I've got 109 certificates stored in cacerts: keytool -list result
How to remove them with one command? Or, in other words, how do you clear cacerts storage?
There is no one command from keytool to delete all the entries in a keystore. You have to do a few workarounds to achieve this.
You can do it either by writing some simple Java code using the KeyStore API:
import java.io.*;
import java.security.KeyStore;
import java.util.Collections;

char[] password = "changeit".toCharArray();
KeyStore ks = KeyStore.getInstance(KeyStore.getDefaultType());
try (InputStream in = new FileInputStream("KEYSTORE_PATH")) {
    ks.load(in, password);
}
// Copy the aliases first: deleting while enumerating can fail on some keystore types.
for (String alias : Collections.list(ks.aliases())) {
    ks.deleteEntry(alias);
}
try (OutputStream out = new FileOutputStream("KEYSTORE_PATH")) {
    ks.store(out, password);
}
(Or)
Create a similar store, since you already know the type of cacerts keystore (minor workaround here).
Create a KeyStore with a keypair initially when creating the cacerts keystore file.
keytool -genkeypair -keystore cacerts -storepass changeit
Delete the initially created key pair entry.
keytool -delete -keystore cacerts -storepass changeit -alias mykey
Since cacerts is the default keystore, you don't specify the other attributes in the keytool command; let Java handle the default values for you. Now you should have an empty cacerts keystore.
https://docs.oracle.com/cd/E19683-01/817-2874/6migoia18/index.html
This worked for me:
sudo keytool -delete -alias cacertName -keystore $JAVA_HOME/lib/security/cacerts
No mentioning that you must know the keystore password of the cacert you are going to delete, otherwise you could not delete it.

How to generate trusted self signed certificate with SHA2 signing algorithm using keytool?

I am trying to establish a secure connection for my application using jetty http server version 8.1.8.v20121106 with self signed certificate.
I am generating self signed certificate with the following command,
keytool -genkey -alias mykey -keyalg RSA -keysize 2048 -sigalg SHA256withRSA -validity 365 -keypass password -keystore keystore.jks -storepass password
keytool -export -alias mykey -file server.cer -keystore keystore.jks -storepass password
keytool -import -alias mykey -file server.cer -keystore truststore.jks -storepass password
So, in total 3 files are generated (keystore.jks, server.cer, truststore.jks).
After the server gets started, I got the following error in my browser. There are issues with the site's certificate chain (net::ERR_CERT_AUTHORITY_INVALID).
Could anyone help me to generate a trusted self signed certificate using keytool.
Thanks in advance.
It is a problem with the Java JDK. I have verified using java 1.8 and jdk1.7.0_79 and it is working fine for me. Change your Java JDK version and verify. For further clarification, please refer to this link.
https://bugs.eclipse.org/bugs/show_bug.cgi?id=398644

How to Convert .p7b to .jks

I have a certificate which is in .p7b and I want to change it into .jks. So how can I convert it into .jks?
please reply
thanks in advance
The alias should match the alias you used when you generated the key pair.
keytool -importcert -alias alias -trustcacerts -file keystore.p7b -keystore newkeystore.jks -storetype JCEKS
Source: Import certs from a p7b to a jks