![]() Hope that helps anyone else that has been in the same predicament. ssl]$ keytool -importkeystore -deststorepass thePassw0rd -destkeystore test.jks -srckeystore test.p12 -srcstoretype PKCS12 -alias theServerName The solution comes in the form of a little tool called Keystore Explorer, which is a gui tool that lets you import a p12 key, and then select & rename keys in the keystore even if those keys have no name.Īfter using that, I was able to run the first command above with my newly-renamed p12 file, and it worked like a charm. Without an alias though, you can’t reference it, you can’t convert it, but critically – in keytool, you can’t rename it either – as you can’t say -alias="" The problem, of course, is that the key has no name. The Unlock Entry dialog will be displayed. I didn’t know how to get around this impasse for a while until finally realizing that the certificate provider did not have an alias in the PKCS12 file, and for Java Keystores, Aliases are REQUIRED elements so that you can select what key you want your application to use. To unlock a Key Pair: Right-click on the Key Pair entry in the KeyStore Entries table. Gave an error like this keytool error: : String index out of range: 0 However, what happens when you’ve got a PKCS12 key & certificate chain that has been generated for you which you then need to import into your java keystore? I’ve had trouble with this before, as attempts to import keys with a command like this: keytool -importkeystore -deststorepass ThePassw0rd -destkeystore test.jks -srckeystore ~my-signed-certificate-file.p12 -srcstoretype PKCS12 When you’re working with a java app like AEM, generally I’ve used this process to set up SSL, where you first generate your CSR with the keytool command which embeds the private key into a JKS file, then get the cert signed and import the signed cert back into the JKS file.
0 Comments
Leave a Reply. |