Importing a PKCS12 private key into java Keystore

Hi,
We have an existing private key, stored in a ".p12" file.
Currently, our existing program will access this file directly to retrieve the private key, however, we need to import this private key into a keystore so it can be retrieved by our new code.
Does anyone know whether it is possible to do this, and if so, is there any criteria that need to be met.
If it is possible, then how do we do it?
Assistance is appreciated!
Regards
Steve Williams

Sorry to cross-post, but I have a similar problem.
I have an existing certificate (public/private keypair) that I'm using in Microsoft IIS. Using Cert Manager in Windows2000 I export the certificate preserving the private key into a pfx file. I need to import the public/private keypair into the keystore. I also have the original certificate request and reply from Verisign if that helps any. I've looked everywhere and have been unable to find any information about doing this. Please Help!
If there is a way to do this using keytool that would be great. If someone knows how to programmatically do this that would also be great.
Thanks in advance,
Trey Caldwell
Software Engineer
Intrannuity, LLC
[email protected]

Similar Messages

Import a signed public key into a keystore

Hai all,
When I followed the steps listed at the end of the email, to create a cert request using keytool (from jdk 1.3.0), make it signed by a CA and import the signed public key into a keystore,
I got the following error when I did step 9: keytool error: java.security.cert.CertificateException: IOException: data is not sufficient
Could you please give me a help? Thanks in advance. ---
1.Generate the CA key
$ openssl genrsa -rand -des -out ca.key 1024
2.Create a self signed certificate
$ openssl req -new -x509 -days 365 -key ca.key -out ca.crt
3.Setup the OpenSSL CA tools
$ mkdir demoCA $ mkdir demoCA/newcerts $ touch demoCA/index.txt
$ cp ca.crt demoCA/ $ echo "01" > demoCA/serial
4.Create a new key store for the client application
$ keytool -keystore testkeys -genkey - alias client
5.Export the client's public key
$ keytool -keystore testkeys -certreq -alias client -file client.crs
6.Sign the client's key with our CA key
$ openssl ca -config /etc/openssl.cnf -in client.crs -out client.crs.pem -keyfile ca.key
7.Convert to DER format
$ openssl x509 -in client.crs.pem -out client.crs.der -outform DER
8.Import CA certificate into client's key store
$ keytool -keystore testkeys -alias jsse_article_ca -import -file ca.crt
9.Import signed key into client's key store
$ keytool -keystore testkeys -alias client -import -file client.crs.der
(The above steps are available at <http://www.ddj.com/articles/2001/0102/0102a/0102a.htm>)
I have created CA and Server certificates using openssl and client certificate request using keytool and it is signed by our CA.
I am using openssl server (C++) and JSSE client (JAVA)...
to communicate these two what certificates i need to put in the client keystore (created using keytool).
I have imported CA into keytool ,but i am unable to import client cert into keystore.
Please tell me some way to sort out this problem...
Prasad.

The following script using openssl and keytool (JDK1.3)
works. Be sure to have the following in
your extension directory (/opt/java1.3/jre/lib/ext):
jcert.jar
jnet.jar
jsse.jar
sunrsasign.jar
Pierre
#!/bin/ksh
rm -f Keystore Config
rm -rf certs
mkdir certs
touch certs/index
echo "01" > certs/serial
chmod 600 certs/*
netstat > /tmp/.rnd
echo "Creating config file for openssl"
cat > Config <<EOCNF
[ ca ]
default_ca = CA_default
[ CA_default ]
dir = certs
database = \$dir/index
serial = \$dir/serial
default_days = 365 # Duration to certify for
default_crl_days= 30 # Time before next CRL
default_md = SHA1 # Message digest to use.
preserve = no # Keep passed DN ordering?
policy = policy_anything
[ policy_anything ]
countryName = optional
stateOrProvinceName = optional
localityName = optional
organizationName = optional
organizationalUnitName = optional
commonName = supplied
emailAddress = optional
[ req ]
default_bits = 1024
default_keyfile = privkey.pem
distinguished_name = req_distinguished_name
attributes = req_attributes
[ req_distinguished_name ]
countryName = Country Name (2 letter code)
countryName_default = US
countryName_value = US
countryName_min = 2
countryName_max = 2
stateOrProvinceName = State or Province Name (full name)
stateOrProvinceName_default = CA
stateOrProvinceName_value = CA
localityName = Locality Name (eg, city)
localityName_default = Loc
localityName_value = Loc
0.organizationName = Organization Name (eg, company)
0.organizationName_default = Org
0.organizationName_value = Org
organizationalUnitName = Organizational Unit Name (eg, section)
organizationalUnitName_default = OrgUnit
organizationalUnitName_value = OrgUni
commonName = Common Name (eg, YOUR name)
commonName_default = CN
commonName_value = CN
commonName_max = 64
emailAddress = Email Address
emailAddress_default = [email protected]
emailAddress_value = [email protected]
emailAddress_max = 40
[ req_attributes ]
EOCNF
echo "Creating DSA params"
openssl dsaparam -outform PEM -out DSAPARAM -rand /tmp/.rnd 1024
echo "Creating CA key pair and cert request"
openssl req -config Config -nodes -newkey DSA:DSAPARAM -keyout certs/caprivkey.pem -out certs/req.pem
echo "Signing own CA cert"
openssl x509 -req -in certs/req.pem -signkey certs/caprivkey.pem -out certs/cacert.pem
echo "Generating client key pair and cert in keystore"
keytool -genkey -alias myalias -keyalg DSA -keysize 1024 -keypass password -storepass password -keystore Keystore -dname "CN=Common Name, OU=Org Unit, O=Org, L=Locality, S=State, C=Country" -validity 365
echo "Generating cert request"
keytool -certreq -alias myalias -keypass password -storepass password -keystore Keystore -file certs/CertReq.csr
echo "Signing client cert"
openssl ca -config Config -policy policy_anything -batch -in certs/CertReq.csr -keyfile certs/caprivkey.pem -days 365 -cert certs/cacert.pem -outdir certs -out certs/public.pem -md SHA1
echo "Importing CA cert into keystore"
keytool -import -alias CA -keystore Keystore -storepass password -noprompt -file certs/cacert.pem
# Clean the certificate file, contains extra stuff from openssl
sed "/^-----BEGIN CERTIFICATE-----/,/^-----END CERTIFICATE-----/!d" \
certs/public.pem > certs/tmp-public.pem
cp certs/tmp-public.pem certs/public.pem
rm certs/tmp-public.pem
echo "Importing client cert into keystore"
keytool -import -alias myalias -keystore Keystore -storepass password -noprompt -file certs/public.pem

How to enter a Private key into a keystore

Hi,
We have a propriteary CA, developed by us. I need to use this CA for my Signed Applet. I would enter this CA's public key(a X509 certificate) into my cacerts file.
Following is what I have done :
1) I have generated my own keystore, public and private key for signing the applet.
2) Signed the applet with the private key in the keystore.
To Do :
Now, the self generated public key(with which applet was signed) has to be signed by the properitary CA, so that when applet is downloaded my certificate is authenticated by the proprietary CA.
The problem is :
1) To get my public key certificate authenticated by the proprietary CA, I need the private key of proprietary CA.(so that I shall sign my public key file by the CA's private key) . The CA could give the private key as a byte array file. ( Or we could write a program to format the private key file, if any format exists and required). jarsigner requires keystore to sign. How could I create a keystore and enter my private key and public key into this keystore?
2) Is there any other way to do this?
Please help to resolve this problem.
Rajesh

Check this:
<A HREF="http://java.sun.com/j2se/1.4/docs/guide/pugin/developer_guide/rsa_signing.html

Adobe Content Server 4.1 - Cound not find server's private key in the keystore

Hello,
I have getting following error when i setup fulfillment services of Adobe Content Server 4.1.1
type Exception report
message
description The server encountered an internal error () that prevented it from fulfilling this request.
exception
javax.servlet.ServletException: Servlet execution threw an exception
root cause
java.lang.Error: Cound not find server's private key in the keystore
     com.adobe.adept.fulfillment.security.ServerConfig.init(ServerConfig.java:156)
     com.adobe.adept.fulfillment.security.ServerConfig.getSigningURL(ServerConfig.java:48)
     com.adobe.adept.fulfillment.servlet.FulfillmentServerStatus.getServers(FulfillmentServerStatus.java:34)
     com.adobe.adept.common.servlet.Status.checkUp(Status.java:355)
     com.adobe.adept.common.servlet.Status.doGet(Status.java:424)
     javax.servlet.http.HttpServlet.service(HttpServlet.java:617)
     javax.servlet.http.HttpServlet.service(HttpServlet.java:717)
note The full stack trace of the root cause is available in the Apache Tomcat/6.0.20 logs.
My fulfillment-conf.txt contains following:
com.adobe.adept.log.level=trace
com.adobe.adept.log.file=C:\acs4\log\fulfillment.log
com.adobe.adept.persist.sql.driverClass=com.mysql.jdbc.Driver
com.adobe.adept.persist.sql.dialect=mysql
com.adobe.adept.persist.sql.connection=jdbc:mysql://127.0.0.1:3306/adept
com.adobe.adept.persist.sql.user=acesdbuser
com.adobe.adept.persist.sql.password=******
com.adobe.adept.serviceURL=http://127.0.0.1:8080/fulfillment
com.adobe.adept.fulfillment.security.licensesignURL=https://nasigningservice.adobe.com/licensesign
com.adobe.adept.fulfillment.security.keystore=pkcs12
com.adobe.adept.fulfillment.security.pkcs12.file=file:///C:/ACS4/operator.p12
com.adobe.adept.fulfillment.security.keystore.user=operator4acs
com.adobe.adept.fulfillment.security.keystore.password=******
Any Idea?
Regards,

Are you sure you created the .p12 file with the correct '-name' friendly name? The value for -name must match the value com.adobe.adept.fulfillment.security.keystore.user

NAC and SSL - fails to import password protected private key

I am attempting to import an SSL certificate on my CCA Manager and Server. I purchased a wild card SSL cert *.domain.com. The private key used to generate the certificate was created on an Cisco ACS 3.2 server and has a password. When attempting to import the private key into the CCA Manager the browser times out and no error is reported.
My guess is that it is waiting for the password to allow access to the private key. Unfortunately there is no place on the form and no pop-up to enter the password.
Is there a command line option for importing a private key that may work for me?
Thanks
Sherm

The best Possible way is to generate a CSR from the CCA server and then purchase a certificate using that CSR. Then you dont have problems with private keys.
Regards
sathappan

Import an SSL Private Key

Hello. Is it possible to export the Private Key from, say, my J2EE engine (I'm running a dual stack) and import it into my ABAP instance so that both systems use the same Private Key? They both have the same host name.

I guess its possible. Please correct me if i am wrong.
Please keep in mind, that simply importing a certificate as a certificate response won't work in this situation, since the public key from your CA and the public key in the individual PSEs already existing on the respective servers won't match.
following steps all the key pairs and certificates that are currently stored in the SSL Server PSEs on the target systems will be removed. If you want to keep them, you'll need to export them to a safe place.
Step 1: import the key pair into a PSE
Since pl.16 of SAPCRYPTOLIB, key pairs given in the format PKCS#12 can be imported into a PSE (note 745063). Since pl.24 of SAPCRYPTOLIB, also the import of key pairs given as PKCS#5, PKCS#8 or OpenSSL-PEM is supported (note 1159829).
Step 2: import the PSE resulting from Step 1) into the system's database All PSEs that are known to transaction STRUST will be exported from the database and distributed to the application servers at system startup. The related PSE files will be overwritten. So, the PSE resulting from the key pair import in step 1) needs to be imported into the database.
You'll need to go through a procedure similar to the one described in note 1178155, step 3.
- Copy the PSE from step 1) to your workstation/PC
- Start transaction STRUST
- Doubleclick the "FILE" icon in the navigation area (left hand side)
- Select the PSE on your workstation/PC
- Execute the menu item "PSE --> save as..." and choose the SSL Server
PSE as target. This will save the PSE from step 1 as SSL Server
standard PSE.
- The following step is a modification from note 1178155 which is
only applicable in your special situation: right mouse button click
on the SSL Server PSE entry in the navigation area. From the context
menu appearing, select "Change".
- Remove the distinguished names from all application server specific
PSEs in the list. Pressing the green tick mark ('save') will remove
all application server specific SSL Server PSEs, so the system is
forced to use the SS Server standard PSE instead.
Don't forget to restart the ICM in order to make your changes become effective.
Regards,
Jazz

Storing encrypted username and password along with the Key into Windows Keystore

I have a WPf application and I need to allow the user to enter the username and password. Username and Password should be encrypted and store them with the key into the windows Keystore. I used the Cryptography class to encrypt the username and password but
I am not sure how to store them in the Windows Key Store.
This login is used for configuration purpose only. User enters and it is saved into the clients machine. As long these credentials are correct, we are going to allow this machine to call another API to download files.
I would really appreciate for any sample code. Basically, I need to store them in the registry and be able to call them to verify.

Data encryption and key management is certainly not a WPF topic so you are in the wrong forum but you could take a look at the ProtectedData class:
https://msdn.microsoft.com/en-us/library/system.security.cryptography.protecteddata.aspx.
It provides methods for encrypting and decrypting data on user or machine level. Please refer to the following link for more information:
http://stackoverflow.com/questions/4967325/best-way-to-store-encryption-keys-in-net-c-sharp
Here is another link on the subject that may be helpful:
http://stackoverflow.com/questions/7459069/where-to-store-sensitive-information-needed-for-an-application-to-run
Please remember to mark helpful posts as answer to close your threads.

Private Key Created

A private Key in my user name was created without my knowledge that expired after one month. It is in my keychain as a Root Certification in the System Keychain. I checked all of the Console Logs and could not find any mention at the date and time of its creation. Concerned about Malware, I also checked emails from that date and ran ClamXAV -nothing suspicious. I have Googled the issue thinking that someone else has noted this-no luck.
I hope it was not Hacker activity. I checked another Mac in the house and there is no similar Certificate. MacPro OS 10.8.5
Any Ideas?
Thanks

use openssl to convert your private key into a pkcs#12 format file. keytool should able to treat this file as a keystore. Then run keytool -importkeystore, specifying the pkcs#12 file as the source keystore.

Help : java.security.UnrecoverableKeyException: excess private key

Hi,
I require help for the exception "java.security.UnrecoverableKeyException: excess private key"
When i am trying to generate digital signature using PKCS7 format using bouncyCastle API, it gives the "java.security.UnrecoverableKeyException: excess private key" exception.
The full stack trace is as follows
------------------------------------------------------------------------java.security.UnrecoverableKeyException: excess private key
     at sun.security.provider.KeyProtector.recover(KeyProtector.java:311)
     at sun.security.provider.JavaKeyStore.engineGetKey(JavaKeyStore.java:120)
     at java.security.KeyStore.getKey(KeyStore.java:289)
     at com.security.Security.generatePKCS7Signature(Security.java:122)
     at com.ibm._jsp._SendSecureDetail._jspService(_SendSecureDetail.java:2282)
     at com.ibm.ws.jsp.runtime.HttpJspBase.service(HttpJspBase.java:93)
I had tested the program under following scenarios...
The Java Program for generating the digital signature independently worked successfully(without any change in policy files or java.security file) I have tested this independently on Sun's JDK 1.4, 1.6
For IBM JDK 1.4 on Windows machine for WAS(Webshere Application Server) 6.0, The Program for generating the digital signature using PKCS7 works fine, but it required IBM Policy files(local_policy.jar, US_export_policy.jar) and updation in java.security file
But the problem occurs in Solaris 5.10, WAS 6.0 where Sun JDK 1.4.2_6 is used.
I copied the unlimited strength policy files for JDK 1.4.2 from Sun's site(because the WAS 6.0 is running on Sun's JDK intead of IBM JDK)...
I changed the java.security file as follows(only changed content)
security.provider.1=sun.security.provider.Sun
security.provider.2=com.ibm.security.jgss.IBMJGSSProvider
security.provider.3=com.ibm.crypto.fips.provider.IBMJCEFIPS
security.provider.4=com.ibm.crypto.provider.IBMJCE
security.provider.5=com.ibm.jsse2.IBMJSSEProvider2
security.provider.6=com.ibm.jsse.IBMJSSEProvider
security.provider.7=com.ibm.security.cert.IBMCertPath
security.provider.8=com.ibm.security.cmskeystore.CMSProvider
I have used PKCS12(PFX) file for digital signature
which is same for all environment(i have described as above)
I copied the PFX file from windows to solaris using WinSCP in binary format so the content of certificate won't get currupted.
I can not change the certificate because it's given by the company and which is working in other enviroments absolutely fine(just i have described above)
I have gone though the "http://forums.sun.com/thread.jspa?threadID=408066" and other URLs too. but none of them helped...
So what could be the problem for such exception?????
I am on this issue since last one month...
I know very little about security.
Thanks in advance
PLEASE HELP ME(URGENT)
Edited by: user10935179 on Sep 27, 2010 2:47 AM
Edited by: user10935179 on Sep 27, 2010 2:54 AM

user10935179 wrote:
The Java Program for generating the digital signature independently worked successfully(without any change in policy files or java.security file) If the program was working fine without changing the java.security policy file, why have you changed it to put the IBM Providers ahead of the SunRsaSign provider?
While I cannot be sure (because I don't have an IBM provider to test this), the error is more than likely related to the fact that the IBM Provider implementations for handling RSA keys internally are different from the SunRsaSign provider. Since you've now forced the IBM provider ahead of the original Sun provider, you're probably running into interpretation issues of the encoded objects inside the keystore.
Change your java.security policy back to the default order, and put your IBM Providers at the end of the original list and run your application to see what happens.
Arshad Noor
StrongAuth, Inc.

SSL CertGen & Private key import errors - 7.0

I am trying to install weblogic generated ssl certificate and because the private
key needs to be encrypted with a password, i am loading this in a new JDK keystore
and trying to configure WL.
I am running utils.CertGen from weblogic 7.0 sp3 on XP.
X:\SSLTest>java utils.CertGen testpassword testcert testkey
Creating Domestic Key Strength - 1024
..... Certificate CommonName will contain Hostname KUNDULA_M-DGS
Encoding
Created Private Key files - testkey.der and testkey.pem
com.rsa.certj.cert.CertificateException: Cannot build Cert Request Info: Unable
to encode X500Name.
at com.rsa.certj.cert.PKCS10CertRequest.getCertRequestInfoDEREncoding(PKCS10CertRequest.java:824)
at com.rsa.certj.cert.PKCS10CertRequest.signCertRequest(PKCS10CertRequest.java:1082)
at utils.CertGen.createCertificateRequest(CertGen.java:312)
at utils.CertGen.processCommand(CertGen.java:185)
at utils.CertGen.main(CertGen.java:170)
com.rsa.certj.cert.CertificateException: Cannot build Cert Request Info: Unable
to encode X500Name.
at com.rsa.certj.cert.PKCS10CertRequest.getCertRequestInfoDEREncoding(PKCS10CertRequest.java:824)
at com.rsa.certj.cert.PKCS10CertRequest.signCertRequest(PKCS10CertRequest.java:1082)
at utils.CertGen.createCertificateRequest(CertGen.java:312)
at utils.CertGen.processCommand(CertGen.java:185)
at utils.CertGen.main(CertGen.java:170)
I went ahead and ran the same CertGen on unix and got the certificate file and
the key file
to my box to check to see if i can install it. I created a new keystore with keytool,
loaded the private key with the alias and the password phrase, made this key store
the default keystore, supplied the management password, changed the files to read
the new cert file and key file.
Attached is the log for the SSL debug.
Do i need to import the private key stored in the JDK for weblogic ? I tried doing
that by running.
X:\>java utils.ImportPrivateKey X:\bea\user_projects\mydomain\mystore.jks mypass
myalias pvtPasswd X:\bea\user_projects\mydomain\localcert.pem X:\bea\user_projects\mydomain\localkey.pem
ImportPrivateKey will use existing X:\bea\user_projects\mydomain\mystore.jks
ImportPrivateKey failed, java.security.KeyManagementException: ASN.1: Unxpected
ASN.1 tag
java.security.KeyManagementException: ASN.1: Unxpected ASN.1 tag
at com.certicom.security.cert.internal.x509.SSLPlusSupport.getLocalIdentityPartial(Unknown
Source)
at com.certicom.net.ssl.CerticomContextWrapper.inputPrivateKey(Unknown
Source)
at utils.ImportPrivateKey.importKey(ImportPrivateKey.java:76)
at utils.ImportPrivateKey.importKey(ImportPrivateKey.java:44)
at utils.ImportPrivateKey.main(ImportPrivateKey.java:32)
X:\>
Attached log is SSL debug enabled and it cant see the private key.
Any help is appreciated.
thanks,
mallik
[ssldebuglog.txt]

"Mallik" <[email protected]> wrote in message
news:3f3274e9$[email protected]..
>
I am trying to install weblogic generated ssl certificate and because theprivate
key needs to be encrypted with a password, i am loading this in a new JDKkeystore
and trying to configure WL.
I am running utils.CertGen from weblogic 7.0 sp3 on XP.
X:\SSLTest>java utils.CertGen testpassword testcert testkey
Creating Domestic Key Strength - 1024
..... Certificate CommonName will contain Hostname KUNDULA_M-DGS
Encoding
Try this on 8.1 and see if it works. There was a bug fix with respect to "_"
in hostnames.

Error while importing a PKCS12 file to keystore

When i try to load a PKCS12 file in keystore , i get the following error: java.io.IOException: Error in loading the keystore: Private key decryption error: (java.lang.SecurityException: Unsupported keysize or algorithm parameters).
Can anyone tell me what should I do now !

Ok...I fixed that exception but now its a new one: Plz check the stack trace:
Exception in thread "main" java.lang.ExceptionInInitializerError
     at javax.crypto.Mac.getInstance(Unknown Source)
     at com.ibm.security.pkcs12.BasicPFX.calculateMac(Unknown Source)
     at com.ibm.security.pkcs12.BasicPFX.verifyMac(Unknown Source)
     at com.ibm.security.pkcs12.PFX.verifyMac(Unknown Source)
     at com.ibm.crypto.provider.PKCS12KeyStore.engineLoad(Unknown Source)
     at java.security.KeyStore.load(KeyStore.java:695)
     at com.xxx.ebs.pa.disability.getdcdetail.transporter.TestEncrypyDecrypt.encrypt(TestEncrypyDecrypt.java:57)
     at com.xxx.ebs.pa.disability.getdcdetail.appladapter.GetDCDetailApplicationAdapter.handleCBMessage1(GetDCDetailApplicationAdapter.java:253)
     at com.xxx.ebs.pa.disability.getdcdetail.mdb.GetDCDetailCBListenerBean.localOnMessage1(GetDCDetailCBListenerBean.java:100)
     at com.xxx.inte.ca.service.test.UnitTestGetDCDetail.main(UnitTestGetDCDetail.java:50)
Caused by: java.lang.SecurityException: Cannot set up certs for trusted CAs
     at javax.crypto.b.<clinit>(Unknown Source)
     ... 10 more
Caused by: java.lang.SecurityException: Jurisdiction policy files are not signed by trusted signers!
     at javax.crypto.b.a(Unknown Source)
     at javax.crypto.b.a(Unknown Source)
     at javax.crypto.b.g(Unknown Source)
     at javax.crypto.b$0.run(Unknown Source)
     at java.security.AccessController.doPrivileged1(Native Method)
     at java.security.AccessController.doPrivileged(AccessController.java:351)
     ... 11 more
What is the possible solution !

Private key import via ImportPrivateKey

I used the Certificate web app included with WLS 7.0 SP1 to generate my private
key and my CSR. I then used the CSR to request a certificate from my Dept. of
Defense Certificate Authority. I received my certificate. I then tried to use
the WLS ImportPrivateKey utility to import my key with the following steps as
shown in the ImportPrivateKey reference example.
1) I used keytool -printcert to verify the contents of my servercert.pem file
and my CAcert.pem file.
2) I combined the certificate returned for my server with the CA's root certificate
cat servercert.pem CAcert.pem > combined.pem
3) I converted my private key file produced by the Certificate web app to pem
format using the WLS der2pem utility
4) I ran the Import utility
java utils.ImportPrivateKey serverkey.jks store_pwd key_alias key_pwd combined.pem
server_private_key.pem.
I received the following error.
ImportPrivateKey will create serverkey.jks
ImportPrivateKey failed, java.security.KeyManagementException: ASN.1: Unxpected
ASN.1 tag
java.security.KeyManagementException: ASN.1: Unxpected ASN.1 tag
at com.certicom.security.cert.internal.x509.SSLPlusSupport.getLocalIdentityPartial(Unknown
Source)
at com.certicom.net.ssl.CerticomContextWrapper.inputPrivateKey(Unknown
Source)
at utils.ImportPrivateKey.importKey(ImportPrivateKey.java:76)
at utils.ImportPrivateKey.importKey(ImportPrivateKey.java:44)
at utils.ImportPrivateKey.main(ImportPrivateKey.java:32)
Does anyone have an idea where I went wrong? Can anyone offer an explanation?
Thanks

"Mallik" <[email protected]> wrote in message
news:3f3274e9$[email protected]..
>
I am trying to install weblogic generated ssl certificate and because theprivate
key needs to be encrypted with a password, i am loading this in a new JDKkeystore
and trying to configure WL.
I am running utils.CertGen from weblogic 7.0 sp3 on XP.
X:\SSLTest>java utils.CertGen testpassword testcert testkey
Creating Domestic Key Strength - 1024
..... Certificate CommonName will contain Hostname KUNDULA_M-DGS
Encoding
Try this on 8.1 and see if it works. There was a bug fix with respect to "_"
in hostnames.

Private key password for Default DemoIdentity Keystore?

Hi
I am trying to Configure SSL in ALSB. I have created the PKI Credential mapping for the Default DemoIdentity Keystore
But it is asking for the password to access the Keypair.
The document states that i need to provide the password set during the creation of the keystore
but as i am using the default keystore i dont know where to look for the password.
Error :
[Security:090809|The key pair could not be retrieved from the keystore with the supplied alias demoidentity and its password
I tried using the KeyStorePassphrase but it didnt help me much ..
Can any one help me on this?
Regards
Anusha

Jay is right
To be more precise you can use something like
keytool -list -keystore ${wl_home}/server/lib/DemoTrust.jks -storepass DemoTrustKeyStorePassPhrasewhich leads to the following output
Keystore type: JKS
Keystore provider: SUN
Your keystore contains 4 entries
certgenca, Mar 22, 2002, trustedCertEntry,
Certificate fingerprint (MD5): 8E:AB:55:50:A4:BC:06:F3:FE:C6:A9:72:1F:4F:D3:89
wlsdemocanew2, Jan 24, 2003, trustedCertEntry,
Certificate fingerprint (MD5): 5B:10:D5:3C:C8:53:ED:75:43:58:BF:D5:E5:96:1A:CF
wlsdemocanew1, Jan 24, 2003, trustedCertEntry,
Certificate fingerprint (MD5): A1:17:A1:73:9B:70:21:B9:72:85:4D:83:01:69:C8:37
wlscertgencab, Jan 24, 2003, trustedCertEntry,
Certificate fingerprint (MD5): A2:18:4C:E0:1C:AB:82:A7:65:86:86:03:D0:B3:D8:FEThe following list provides the location and passwords of the demo certificates:
Trust store location: ${WL_HOME}/server/lib/DemoTrust.jks
Trust store password: DemoTrustKeyStorePassPhrase
Key store location: ${WL_HOME}/server/lib/DemoIdentity.jks
Key store password: DemoIdentityKeyStorePassPhrase
Private key password: DemoIdentityPassPhrase

Import J2ME source into Java ME SDK 3.0

Hi,
Im new to Java ME.
The internet has lots of J2ME examples for games(but none for Java ME SDK 3.0), and im trying to import these into Java ME SDK 3.0 . I click on new project and select 'Import Wireless Toolkit Project', but it doesn't detect a project. Ive tried this with several popular J2ME samples.
Anyone know how to do this right, so I can import J2ME projects into Java ME SDK 3.0 completely, with classes, packages and resources intact?
I tried making a new project, and then copying the files into the relevant directories too. All the classes show up in the SDK, but on running the program no app is displayed in the emulator.

Don't double post. I've removed the thread you started in the Java Programming forum with the identically same question.
db

How do i import my local csv files into HANA database as temporary tables using java program?

I want to import my local csv file into database for further apply Join with other tables programmatic in JAVA

Hi Vivek,
Please go through the following blogs and video to resolve your issue.
Loading large CSV files to SAP HANA
HANA Academy - Importing Data using CTL Method - YouTube
Hope it helps.
Regards
Kumar

Importing a PKCS12 private key into java Keystore

Similar Messages

Maybe you are looking for