Cannot import certificate using keytool

Similar Messages

• Can we automate importing certificate using keytool

  Hi,
  One of my application's requirement is to have a digital certificate at client side.
  Client performs the following tasks during the deployment of the application.
  1.Takes certificate from authorized CA
  2. Exports digital certificate as a cer file. (CER encoded binary X.509 Certificate)
  3.Use keytool (supplied with JRE) to import the certificate into keystore with an alias.
  Then only my application can load the certificate from keystore.
  Can we automate both step 1 and Step 2. ..?
  Or atleast step 2 (because it requires the novice user to type some commands and needs little knowledge about commands as well).
  Thanks in advance.

  Thanks for your quick reply.
  Its really useful for my requirement.
  I've a small doubt.
  As it said, before a keystore can be accessed, it should be loaded.
  There is a method called "setCertificateEntry" for creating setting / creating certificate in Keystore
  I've a certificate issed by CA and imported it to a file(.cer file) through certificate manager
  How do I create Certificate from a .cer file.
  Thanks in advance

• "Cannot import certificate response" for SSL in STRUSTSSO2

  Hi
  I have got an SSL certificate signed from verisign for my ECC5.0 SP17 backend. When I try to import this certificate response in Tr STRUSTSSO2 it says cannot import certificate response.
  Please help.
  Thanks
  Sheril

  Hi
  Thanks for the helping me out. I have managed to find a fix for the problem. All you had to do was to restore the SSL certificate. I was trying to do this for a system which was a copy of the production and the certificate was generated for the system before the refresh. So all I had to do was to restore the SSL.
  Thanks
  Sheril
  Thanks
  Sheril

• (newbie) Importing certificate with keytool..?

  I'm trying to import a certificate with:
  * keytool -import -alias mycert -file lalakis.pem
  but I keep getting:
  ~ keytool error: java.lang.Exception: Input not an X.509 certificate
  It is:
  - An OpenSSL generated certificate with
  - Signature Algorithm: PKCS #1 MD5 With RSA Encryption and
  - Subject PK Algorithm: PKCS #1 RSA Encryption
  Should I use some other options..?

  Normally OpenSSL certificate includes extra human readable information. Please remove all characters before -----BEGIN CERTIFICATE---- and after ----END CERTIFICATE----- (including blank lines), and try again.

• How to create a certificate using keytool / terminal?

  I have problems with creating certificates using the terminal. I use the instructions below and typed in all the required information. When it asks me to type "yes" and confirm, the whole process just starts from the beginning over and over and I have to type in the same things. What do I do wrong? How do I confirm the information I typed in?
  I am trying to create a certificate to sign apps for GooglePlay and Amazon. I am using DPS Professional.
  Thanks for help!
  Instructions:
  (Mac OS) Create a certificate file using Keytool
  Open Terminal, which is located in the Applications > Utilities folder.
  Type (or paste) the following line (replace “myname.key.p12” with the actual name of your certificate):
  1
  keytool -genkey -v -keystore myname.key.p12 -alias alias_name -keyalg RSA -keysize 2048 -storetype pkcs12 -validity 10000
  Specifying “10000” sets the expiration date after 22 October 2033.
  Enter and reenter a password. Until the Viewer Builder supports the creation of custom Android apps, it's necessary to share this password with Adobe. Create a password that you can share.
  Follow the prompts to specify the certificate information.
  When prompted to confirm choices, enter yes, and then press Return to use the same password.
  A certificate is created in your prompt location, such as your user name folder. Copy this certificate file to a known location. Write down the password as well.

  It could be access/rights issue. Enable root user and try again.

• Cannot import certificate

  Hey,
  I've purchased a domain and a SSL certificate from Comodo but I cannot import it via the server app. The certificate consist of 5 files but the window where i'm supose to drag files doesn't seem to do anything - the import button is still grayed out after dragging the files in. I guess that it needs some .key file which i do not have. I'm new to this so i'm not sure what am I suppose to do.
  Any help would be appreciated.
  P.S. And how can I delete the "self signed" from the server and start everything from clean so to speak?

  Ferry Gunawan
  good to hear it. Please close this thread if your issue has been resolved.How to close a discussion and why
  Regards,
  JK

• I cannot import videos using home sharing

  I followed the instructions for setting up home sharing on our laptops. One machine is using Windows XP, and the other is using Windows 7. Both have the latest updates for iTunes and both are authorized. I have turned off (and back on) home sharing, I have authorized and deauthorized and then re authorized both computers. I can see libraries on both machines. When I tried to import a video from his machine to mine, it told me that "this machine is not authorized" meaning mine. I am at a loss as to what I am not doing. I have tried to re authorize both machines and get a message box telling me the machine is authorized. Is this a problem in the newest version of iTunes?? I have no idea what to do next. I wanted to put movies on my iPad, and all of our compatible movies are on his machine. Can someone help me out?

  Hi GeekBadger,
  Thanks for using Apple Support Communities.  This article has some troubleshooting ideas for Home Sharing issues:
  Troubleshooting Home Sharing
  http://support.apple.com/kb/TS2972
  Cheers,
  - Ari

• Cannot import photos using iPhoto to iCloud. This option is disabled??

  OSX 10.9.5 2.8 GHz Intel Core 2 Duo
  I am trying to import photos from my IMac into my ICloud account but this option is disabled in the ICLOUD config window (not editable). How can I enable this option?
  Many thanks, Helena.

  In the iCloud system preference log into iCloud and then in iPhoto set the iPhoto preferences for iCloud that ti want
  LN

• Plz help, i cannot import cd using itunes 10.3.1(55)

  the issue is when i put the cd in the drive, open itunes than itunes start to read the disc, sometime it could be read, but sometimes it just eject the cd, i dont know what exactly the problem was on my macbook pro (13" mid 2010).
  even sometimes it could read the disc, but when i start import the cd, it eject the cd.
  thanks, i am sorry my english is not very good, i can provide further details if needed

  Actually it's a good question ... I have not done it before manually. If the folder exists does it mean that I have done it before?
  The folder is completely empty.  I reconfirmed that I have full-control persmissions on all folders below my username ...
  C:\Users\(username)\AppData\Roaming\Apple Computer\MobileSync\Backup\ [Vista machine]
  I have restricted access to the C:\User folder
  - Read & Execute
  - List folder content
  - Read

• Using keytool to generate self signed cert. for Microsft Certificate Mrg.

  Hi All,
  I want to be able to generate a self signed certificate that I can Import into
  Microsoft's Certificate Manager, to enable an HTTPS Listener for
  Microsoft's WinRM and WinRS.
  The certificate would only be for internal use, not used externally.
  Here's the problem. I can create a certificate using this (path obscured):
  "C:\Program Files\.....\jre\bin\keytool" -genkey -al
  ias dMobX -keyalg RSA -keysize 1024 -sigalg SHA1withRSA -dname "CN=your-f5c57803
  53" -keypass changeit -validity 90 -storetype pkcs12 -keystore "C:\Program Files
  \......\jre\lib\keystore\.keystore" -storepass changeit
  "C:\Program Files\......\jre\bin\keytool" -export -alias dMob
  X -file "C:\Program Files\......\jre\lib\keystore\dMobX.cer" -stor
  etype pkcs12 -keystore "C:\Program Files\.......\jre\lib\keystore\.
  keystore" -storepass changeit -v
  Microsoft's Certificate Manager will accept it, the .cer, using "Import", into
  Trusted Root Certification Authorities, but when I run the command to create the HTTPS Listener, I get this error message:
  The WS-Management service cannot find the certificate that was requested.
  If I use another tool, like selfssl, I can generate a self signed certificate using:
  selfssl /N:CN=your-f5c5780353 /K:1024 /V:90 /P:443 /T
  This will populate a certificate in Trusted Root Certification Authorities,
  and when I run the command to create the HTTPS Listener, it succeeds with
  no problem.
  So my question is, am I doing something wrong with keytool, or are there
  extra steps that I need to take, or is it even capable of generating a "self signed
  certificate" that will work in the above case?
  There are some concepts involved, certificate wise, that I'm not sure about.
  Do I need to create a CSR and use a tool like openssl, as a CA, and
  use the resulting certificate?
  I just want to be able to programmatically create the needed certificate using keytool, or
  using an API.
  Thanks,

  Download the latest JDK on http://download.java.net/jdk7/binaries/.
  Run "keytool -genkeypair -ext KU=? -ext EKU=? ...". Substitute the "?" with the usages you see in the other cert (for example, "digitalSignature" or "codeSigning". If there are multiple ones, separate with comma).

• How do we create certificate with .pem extension using keytool

  Hai all,
  please tell me the procedure to create certificates using keytool with .pem extension.

  I dont think keytool can do this, try OpenSSL:
  openssl pkcs12 -in test.p12 -out test.pem
  David

• How do I install (import) certificat into FireFox using commad line?

  I can import certificat using certutil.exe in command line, but this certificat is available only in Internet Explorer.
  I can import certyficat into FireFox using its GUI. I must import that certificat on more then 60 PCs.
  Question is: how do I install (import) certificat into FireFox using commad line?

  HI ScanBit,
  Thank you for your question, in order to import the certificate in the command line you will need these resources:
  *[https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/tools/NSS_Tools_certutil]
  If you have any other questions about this, we are happy to help.

• Import image using JS (preferred on document-level)

  Hello,
  I am going to implement a dynamic legend using JavaScript in Adobe Acrobat. The document contains a lot of layers. Every layer has an own legend. The origin idea is to implement the legend so, that it contains the images in a dialog box for the visible layers. I can only hide/show the layers by setting state to false or true (this.getOCGs()[i].state = false;) on document-level.
  Question 1: Can I extract data from layer somehow  for legend establishing? I think no, as we only have these function on layers: getIntent(), setIntent() and  setAction(). Right? Therefore I decided to arrange it so, that all needed icons for every layer are saved in a folder with corresponding names. JavaScript should import the icons and I build the a dialog window with icons of visible Layers and place a text(description for this icon).
  I tried all possibilities of image import described here: http://pubhelper.blogspot.com.au/2012/07/astuces-toolbar-icons-et-javascript.html. I got only one way (Convert the icons as hexadecimal strings). This way isn't good, as it is too much work to create with an other tool a hexadecimal string from a images and place it into a javascript code.
  Unfortunately, I cannot import image using other methods:(. Since the security settings in Adobe are changed after version 7 or so, it is not possible to use functions like app.newDoc, app.openDoc, even app.getPath On document-level. I decided to implement the import on the folder level using trusted functions like this:
  Variant 1:
  var importImg = app.trustedFunction(function() {
      app.beginPriv();
      var myDoc = app.newDoc({
          nWidth: 20,
          nHeight: 20
          var img = myDoc.importIcon("icon", "/icon.png", 0);
          app.endPriv();
      return img;
  var oIcon = importImg();
  NotAllowedError: Security settings prevent access to this property or method.
  App.newDoc:109:Folder-Level:User:acrobat.js
  Variant 2:
  var importImg = app.trustedFunction(function() {
         var appPath = var phPath = app.getPath({
          cCategory: "user",
          cFolder: "javascript"
         try {
                 app.beginPriv();
          var doc = app.openDoc({
              cPath: phPath + "/icon.png",
              bHidden: true
           app.endPriv();
      } catch (e) {
          console.println("Could not open icon file: " + e);
          return;
          var oIcon = util.iconStreamFromIcon(doc.getIcon("icon"));
      return oIcon;
  var oIcon = importImg();
  Error: Could not open icon file: NotAllowedError: Security settings prevent access to this property or method.
  The settings in Preferences->JavaScript-> JavaScript Security are disabled (Enable menu item JS execution privileges, enable global object security policy).
  Question 2: Is it not allowed or should I change some other settings or use the import on any other way?
  I tried all these possibilities with .jpg, .png, .pdf. with different sizes(big images and 20x20 pxls), It doesn't work.
  Could somebody help me, as I spent a lot of time with trying different possibilities. It would be actually better to implement the main goal described above on document level, are there other possibilities to access images, maybe using xml or something else) (Question 3)?
  Thank you and kind regards,
  Alex

  ... After checking: I cannot delete my posts either.
  I can see some sort of button "Actions" at the bottom of my replies, but it seems to be missing from a 'main' post. You may want to ask this in the Forum About Forums: Forum comments

• Using keytool to import a certificate

  I'm trying to import in the samplecacerts file a seft signed certificate generated for test purposes on my test web server.
  The command I issued was:
  keytool -import -alias mycert -file mycert.cer -keystore samplecacerts -trustcacert -storepass changeitand the answer was:
  keytool error: Signature not availableIf I accept this certificate using my class that implements the interface X509TrustManager and getting data using HttpsURLConnection all works fine.
  I used two methods to export the certificate:
  1. I exported it after accepting it in Ienternet Explorer
  2. I wrote it from the method isServerTrusted as suggested by Aseem in his sample code (http://forum.java.sun.com/thread.jsp?forum=9&thread=14884&start=25&range=1&hilite=false&q=)
  The two generated files are identical.
  Anyone can help me?
  Thank
  Aldo

  I am having the same problem - and I don't understand the one reply you got.
  So here goes. WHY can I easily import a self-signed certificate as a "trusted root" in IE, but I cannot import the same certificate into my cacerts file using keytool.exe? Keytool always gives the error, "Signature not available".
  Can someone please tell me what the heck I am supposed to do? All I want to do is be able to connect to an https URL in my Java code and read the contents. I "trust" the darn server, but the keytool utility doesn't seem to "trust" me....
  BTW, yes I am using JSSE, it's not a code problem it's a keytool problem.

• Problem in installation of free SSL certificate on Weblogic using keytool

  We tried to install SSL certificate on weblogic certificate using Keystore ..but it is giving error in console at startup and server shutdowns automatically...
  Steps followed:-
  1) To generate keystore and private key and digital cerficate:-
  keytool -genkey -alias mykey2 -keyalg RSA -keystore webconkeystore.jks -storepass webconkeystorepassword
  2) To generate CSR
  keytool -certreq -alias mykey2 -file webconcsr1.csr -keyalg RSA -storetype jks -keystore webconkeystore.jks -storepass webconkeystorepassword
  3) CSR is uploaded on verisign site to generate free ssl certificate.All certificate text received is paste into file (cacert.pem)
  4) Same certificate is put into same keystore using following command
  keytool -import -alias mykey2 -keystore webconkeystore.jks -trustcacerts -file cacert.pem
  5) Before step 4), we have also installed root /intermediate certificate to include chain using following command.
  (intermediateCa.cer file is downloaded from verisign site)
  keytool -import -alias intermediateca -keystore webconkeystore.jks -trustcacerts -file intermediateCa.cer
  6) After this configuration we used weblogic admin module to configure Keystore and SSL.
  7) For KeyStore tab in weblogic admin module, we have select option “Custom Identity And Custom Trust” provided following details under Identity and Trust columns:-
  Private key alias: mykey2
  PassKeyphrase: webconkeystorepassword
  Location of keystore: location of webconkeystore.jks file on server
  8) For SSL tab in weblogic admin module, we have select option “KeyStores” for “Identity and Trust locations”.
  Error on console:
  <Nov 3, 2009 3:00:17 PM IST> <Emergency> <Security> <BEA-090034> <Not listening for SSL, java.io.IOException: Failed to retrieve identity key/certificate from keystore /home/cedera/bea9.0/weblogic90/server/lib/webconkeystore.jks under alias mykey2 on server AdminServer.>
  <Nov 3, 2009 3:00:17 PM IST> <Emergency> <Security> <BEA-090087> <Server failed to bind to the configured Admin port. The port may already be used by another process.>
  <Nov 3, 2009 3:00:17 PM IST> <Critical> <WebLogicServer> <BEA-000362> <Server failed. Reason: Server failed to bind to any usable port. See preceeding log message for details.>
  <Nov 3, 2009 3:00:17 PM IST> <Notice> <WebLogicServer> <BEA-000365> <Server state changed to FAILED>
  <Nov 3, 2009 3:00:17 PM IST> <Error> <WebLogicServer> <BEA-000383> <A critical service failed. The server will shut itself down>
  <Nov 3, 2009 3:00:17 PM IST> <Notice> <WebLogicServer> <BEA-000365> <Server state changed to FORCE_SHUTTING_DOWN>
  If anyone knows the solution ,please help us out.Thanx in advance.
  I was really happy to get reply yesterday from "mv".I was not expecting such instant response.

  Thanx all guys for your interest and support.
  I have solved this issue.
  We have weblogic 9 on unix env.
  Following steps which I followed:
  #generate private key
  keytool -genkey -v -alias uinbrdcsap01_apac_nsroot_net -keyalg RSA -keysize 1024 -dname "CN=linuxbox042, OU=ASIA, O=Citigroup, L=CALC, S=MH, C=IN" -validity 1068 -keypass "webconkeystorepassword" -keystore "cwebconkeystore"
  #generate csr
  keytool -certreq -v -alias uinbrdcsap01_apac_nsroot_net -file linuxbox042.csr -keypass "webconkeystorepassword" -keystore "cwebconkeystore" -storepass webconkeystorepassword
  Then we uploaded this csr on verisigns free ssl certificate to generate and receive certificate text.
  We copied that text file in "ert4nov2009.crt" rt file used below.
  Apart from that , mail which we received from verisign also contains links to download root ca certificate and intermediate ca certificate.We downloaded them.
  roo ca in "root4nov2009.cer" file.
  intermediate ca in "intermediateca4nov2009.cer"
  both these files used in
  #import root certificate
  keytool -import -alias rootca -keystore "cwebconkeystore" -storepass "webconkeystorepassword" -trustcacerts -file "root4nov2009.cer"
  #import intermediate ca certificate
  keytool -import -alias intermediateca -keystore "cwebconkeystore" -storepass "webconkeystorepassword" -trustcacerts -file "intermediateca4nov2009.cer"
  #install free ssl certifiate
  keytool -import -alias uinbrdcsap01_apac_nsroot_net -file "cert4nov2009.crt" -trustcacerts -keypass "webconkeystorepassword" -keystore "cwebconkeystore" -storepass "webconkeystorepassword"
  #after this admin configuration
  In weblogic admin console module, we did following settings:-
  1. under Configuration tab
  a. Under KeyStore tab
  For keystore , we selected "Custom identity and Custom Trust"
  Under Identity,
  Custom Identity Keystore:location of keystore "webconkeystore" on weblogic server
  Custom Identity Keystore Type: JKS
  Custom Identity Keystore Passphrase:password for keystore mentioend above.In our case, webconkeystorepassword
  Same we copied Under "Trust", as we have not created separate keystore for trust.
  Save setting.
  b. Under SSL tab
  Identity and Trust Locations: select "Keystores"
  Private Key Alias: alias used while creating private keyi.e. in our case "uinbrdcsap01_apac_nsroot_net"
  Save setting.
  c. Under General tab
  Check checkbox "SSL Listen Port Enabled"
  and mention ssl port "SSL Listen Port"
  Save setting.
  After this activate changes.You might see error on admin module.
  Using command prompt, stop the server and again restart and then try to access using https and port ...
  you will definately get output...
  in our case issue might be due to key size..we used 1024 key size ..it solve problem.
  for your further reference plz find link below..it is also helpful.
  http://download.oracle.com/docs/cd/E13222_01/wls/docs81/plugins/nsapi.html#112674