How to Convert .p7b to .jks - ssl-certificate

I have a certificate in .p7b format that I want to change into .jks. How can I convert it into .jks?
Please reply.
Thanks in advance.

The alias should match the alias you used when you generated the key pair.
keytool -importcert -alias alias -trustcacerts -file keystore.p7b -keystore newkeystore.jks -storetype JCEKS
Source: Import certs from a p7b to a jks

Related

How, having IIS pfx with L1K, create CSR for L1M and have cert returned compatible with Tomcat?

I have an IIS server with a pfx containing an L1K cert. I need to request a new L1M cert for it, and will also need to be able to import the returned cert into a Java keystore, as the URL in question will move from IIS to Apache Tomcat.
Help!
I think I found the way to do this.
*credit to this site:
https://www.jamf.com/jamf-nation/discussions/4646/converting-a-windows-pfx-or-windows-pkcs12-keystore-to-a-jks-keystore
1 - use keytool to import PFX into JKS
keytool -importkeystore -srckeystore .pfx -srcstoretype pkcs12 -destkeystore .jks -deststoretype JKS
2 - get details such as Alias from PFX file
keytool -v -list -storetype pkcs12 -keystore .pfx
3 - generate CSR file from new JKS file
keytool -certreq -alias -keystore .jks -file .csr -storepass
So far the resulting CSR files are validated successfully by my CA Authority's online tool.

How to remove all certificates from cacerts?

I know I may use
keytool -delete -alias alias -keystore .keystore
to remove some certificates from certificate storages. But I've got 109 certificates stored in cacerts: keytool -list result
How to remove them with one command? Or, in other words, how do you clear cacerts storage?
There is no one command from keytool to delete all the entries in a keystore. You have to do a few workarounds to achieve this.
You can do it either by writing some simple Java code using the KeyStore API:
import java.io.*;
import java.security.KeyStore;
import java.util.Collections;

KeyStore ks = KeyStore.getInstance(KeyStore.getDefaultType());
try (InputStream in = new FileInputStream("KEYSTORE_PATH")) {
    ks.load(in, "changeit".toCharArray());
}
// Copy the aliases first so entries are not deleted while enumerating them.
for (String alias : Collections.list(ks.aliases())) {
    ks.deleteEntry(alias);
}
try (OutputStream out = new FileOutputStream("KEYSTORE_PATH")) {
    ks.store(out, "changeit".toCharArray());
}
(Or)
Create a similar store, since you already know the type of cacerts keystore (minor workaround here).
Create a KeyStore with a keypair initially when creating the cacerts keystore file.
keytool -genkeypair -keystore cacerts -storepass changeit
Delete the initially created key pair entry.
keytool -delete -keystore cacerts -storepass changeit -alias mykey
Since the cacerts is the default keystore, you don't specify the other attributes in the keytool command, let java handle the default values for you. Now you should have an empty cacerts keystore.
https://docs.oracle.com/cd/E19683-01/817-2874/6migoia18/index.html
This worked for me:
sudo keytool -delete -alias cacertName -keystore $JAVA_HOME/lib/security/cacerts
Not to mention that you must know the keystore password of the cacert you are going to delete, otherwise you could not delete it.

Retrieve .csr file from jks/cer file

I want to retrieve the csr file from a jks or cer file (I have lost the .csr file). Please let me know if it's possible with the keytool command.
You cannot generate a certificate request from a certificate file. You can only do it for a KeyPair that is in your keystore (jks). You can run this keytool command to generate a csr (pkcs#10)
keytool -certreq -keystore [KEYSTORE_PATH] -storepass [KEYSTORE_PASSWORD] -alias [KEYPAIR_ALIAS] -file [CSR_FILE]
You can see the content of the csr you generated by using the below command.
keytool -printcertreq -file [CSR_FILE]

SSL certificate, godaddy, JBoss AS 7

[EDIT]
I used those two commands to generate the csr:
keytool -genkey -alias tomcat -keyalg RSA -keystore XY.key
keytool -certreq -keyalg RSA -alias tomcat -file certreq.csr -keystore XY.key
gd_bundle-g2-g1.crt has 3 blocks in it, the other two have only 1.
[/EDIT]
I want to install the certificates. I want to use:
keytool -import -alias [AB] -keystore [CD.key] -trustcacerts -file [EF.crt]
I know CD; that's the keystore I generated, but what alias (AB) is correct for which certificate (EF)? The three certificates I get are:
b715e55ecaeeba39.crt
gd_bundle-g2-g1.crt
gdig2.crt
And after I did that correctly, am I right by using the:
keytool -import -alias tomcat -keystore <your_keystore_filename> -file certreq.csr
The file with which I requested the Certificate?
Thank you for your help.
You can use any alias you want as long as you specify it in the server.xml file (parameter keyAlias, case sensitive).
tomcat seems to be the default alias: https://docs.jboss.org/jbossweb/7.0.x/ssl-howto.html

keytool cannot import certificate - failed to establish chain from reply

I would really appreciate if someone could shed some light on the following issue. I have read the keytool documentation but could not find any hint regarding what could be the problem here.
I created a keystore
keytool -genkey -alias privateKeyName -keyalg RSA -keystore privateKeyName.jks -validity 720 -keysize 1024
I created a certificate request
keytool -certreq -alias privateKeyName -keystore privateKeyName.jks -file certReqFileName.csr
After the signing authority gave me the .cer file, I tried to import it with
keytool -import -alias privateKeyName -file certReqFileName_t_f.cer -keystore privateKeyName.jks
Import fails with
keytool error: java.lang.Exception: Failed to establish chain from reply
I have been stuck on this for some time now so any help would be awesome.
Thanks.
Take a look at the option -trustcacerts, if your CA is listed in the truststore. Additionally you may have to add the CA's intermediate certificates to your keystore, first.
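
The failure from the question above and the fix from the answer, reproduced end to end as an added example (not code from the original posts). It assumes a JDK 9 or later keytool on the PATH; every file name, alias, DN and the password is constructed for the demo.

```shell
#!/bin/sh
# Constructed demo: throwaway root -> intermediate -> server chain.
# File names, aliases, DNs and the password are made up for this example.
P=changeit
kt() { keytool -J-Duser.language=en -noprompt -storepass "$P" "$@"; }
newkey() {  # $1 = alias (also the keystore name), $2 = DN, rest = extra options
  a=$1; dn=$2; shift 2
  kt -genkeypair -alias "$a" -keyalg RSA -keysize 2048 -dname "$dn" \
     -keypass "$P" -keystore "$a.jks" "$@"
}

make_chain() {
  newkey root "CN=Demo Root CA" -ext bc:c
  newkey inter "CN=Demo Intermediate CA"
  newkey server "CN=demo.example"
  kt -exportcert -alias root -keystore root.jks -rfc -file root.pem
  # Root signs the intermediate; the intermediate signs the server's CSR.
  kt -certreq -alias inter -keystore inter.jks |
    kt -gencert -alias root -keystore root.jks -ext BC=0 -rfc > inter.pem
  kt -certreq -alias server -keystore server.jks -file server.csr
  kt -gencert -alias inter -keystore inter.jks -infile server.csr \
     -rfc -outfile server.cer
}

import_reply() {  # same shape as the failing command in the question
  kt -importcert -alias server -file server.cer -keystore server.jks
}

import_ca_certs() {  # the fix: root first, then the intermediate
  kt -importcert -alias root -file root.pem -keystore server.jks
  kt -importcert -alias inter -file inter.pem -keystore server.jks
}

demo() (  # runs in a subshell and a temp directory; prints one summary line
  cd "$(mktemp -d)" || exit 1
  make_chain >/dev/null 2>&1 || exit 1
  import_reply >/dev/null 2>&1 && before=ok || before=failed
  import_ca_certs >/dev/null 2>&1 || exit 1
  import_reply >/dev/null 2>&1 && after=ok || after=failed
  len=$(kt -list -v -alias server -keystore server.jks 2>/dev/null |
        sed -n 's/^Certificate chain length: //p')
  echo "before=$before after=$after chain=$len"
)

if [ "${1:-}" = "run" ]; then demo; fi
```

Saved under any name and run with the argument run, it imports the reply once before and once after the CA certificates are in the keystore, then reports the resulting chain length on the key entry.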