Using keytool to export public/private keypairs (not just certificates)

Hello,
If I create a public/private keypair in a given keystore, how can I export both keys for use in another application? As far as I understand it, keytool only allows public keys to be exported.
If this isn't possible via keytool, how can I export the keypair programmatically, and how would such a code-based solution need to export the keypair so that it's recognisable by other applications?
Would there be any additional steps involved if I first exported the public key to get it signed by a CA, then imported the resulting certificate, and wished that the keypair was then based on the certificate+private key?
Thanks,
Chris Brown

There is an example in the Java Tutorial on how to save your private and public keys to a file, and then read them in again.
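
One way to do the programmatic export asked about above, as an added example rather than code from the thread or the Java Tutorial: it reads a key entry from a keystore and writes the private key as unencrypted PKCS#8 PEM and the certificate chain as PEM, a form OpenSSL-based tools read directly. The class name, arguments and output file names are assumptions.

```java
import java.io.Console;
import java.io.File;
import java.nio.charset.StandardCharsets;
import java.nio.file.FileSystems;
import java.nio.file.Files;
import java.nio.file.Path;
import java.nio.file.Paths;
import java.nio.file.attribute.PosixFilePermissions;
import java.security.Key;
import java.security.KeyStore;
import java.security.PrivateKey;
import java.security.cert.Certificate;
import java.util.Arrays;
import java.util.Base64;

// Added example; class name and output file names are assumptions. Needs Java 9+.
// Usage: java ExportKeyPair <keystore> <alias> <output-prefix>
public class ExportKeyPair {

    // Wrap DER bytes in a PEM envelope with 64-character base64 lines.
    static String pem(String label, byte[] der) {
        Base64.Encoder enc = Base64.getMimeEncoder(64, new byte[] {'\n'});
        return "-----BEGIN " + label + "-----\n" + enc.encodeToString(der)
                + "\n-----END " + label + "-----\n";
    }

    // The key file is unencrypted, so create it owner-only where POSIX permissions exist.
    static void writePrivate(Path out, String text) throws Exception {
        Files.deleteIfExists(out);
        if (FileSystems.getDefault().supportedFileAttributeViews().contains("posix")) {
            Files.createFile(out, PosixFilePermissions.asFileAttribute(
                    PosixFilePermissions.fromString("rw-------")));
        }
        Files.write(out, text.getBytes(StandardCharsets.US_ASCII));
    }

    static void fail(String msg) {
        System.err.println(msg);
        System.exit(1);
    }

    public static void main(String[] args) throws Exception {
        Console console = System.console();
        if (args.length != 3 || console == null) {
            fail("usage (from a terminal): java ExportKeyPair <keystore> <alias> <output-prefix>");
        }
        // Prompt instead of taking passwords as arguments, which show up in process listings.
        char[] storePass = console.readPassword("Keystore password: ");
        char[] keyPass = console.readPassword("Key password (empty = same as keystore): ");
        if (keyPass.length == 0) {
            keyPass = storePass;
        }

        // Detects the store type (JKS, PKCS12, ...) from the file contents.
        KeyStore ks = KeyStore.getInstance(new File(args[0]), storePass);
        String alias = args[1];
        Key key = ks.getKey(alias, keyPass);
        // chain[0] is the certificate for this key: self-signed right after key generation,
        // CA-issued once the CA's reply has been imported under the same alias.
        Certificate[] chain = ks.getCertificateChain(alias);
        if (!(key instanceof PrivateKey) || chain == null) {
            fail("alias '" + alias + "' is not a private key entry");
        }
        // Keys that cannot leave their store (e.g. hardware-backed) have no encoding.
        byte[] pkcs8 = key.getEncoded();
        if (pkcs8 == null || !"PKCS#8".equals(key.getFormat())) {
            fail("private key is not exportable as PKCS#8");
        }

        writePrivate(Paths.get(args[2] + ".key.pem"), pem("PRIVATE KEY", pkcs8));
        StringBuilder certs = new StringBuilder();
        for (Certificate c : chain) {
            certs.append(pem("CERTIFICATE", c.getEncoded()));
        }
        Files.write(Paths.get(args[2] + ".chain.pem"),
                certs.toString().getBytes(StandardCharsets.US_ASCII));

        // Best-effort wipe of secrets held in arrays.
        Arrays.fill(pkcs8, (byte) 0);
        Arrays.fill(storePass, '\0');
        Arrays.fill(keyPass, '\0');
    }
}
```

Without writing code, `keytool -importkeystore` with `-deststoretype PKCS12` copies the same entry into a PKCS#12 file, which keeps the private key password-protected while it is moved.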

Similar Messages

  • Using keytool to generate self signed cert. for Microsoft Certificate Mgr.

    Hi All,
    I want to be able to generate a self signed certificate that I can Import into
    Microsoft's Certificate Manager, to enable an HTTPS Listener for
    Microsoft's WinRM and WinRS.
    The certificate would only be for internal use, not used externally.
    Here's the problem. I can create a certificate using this (path obscured):
    "C:\Program Files\.....\jre\bin\keytool" -genkey -alias dMobX -keyalg RSA -keysize 1024 -sigalg SHA1withRSA -dname "CN=your-f5c5780353" -keypass changeit -validity 90 -storetype pkcs12 -keystore "C:\Program Files\......\jre\lib\keystore\.keystore" -storepass changeit
    "C:\Program Files\......\jre\bin\keytool" -export -alias dMobX -file "C:\Program Files\......\jre\lib\keystore\dMobX.cer" -storetype pkcs12 -keystore "C:\Program Files\.......\jre\lib\keystore\.keystore" -storepass changeit -v
    Microsoft's Certificate Manager will accept it, the .cer, using "Import", into
    Trusted Root Certification Authorities, but when I run the command to create the HTTPS Listener, I get this error message:
    The WS-Management service cannot find the certificate that was requested.
    If I use another tool, like selfssl, I can generate a self signed certificate using:
    selfssl /N:CN=your-f5c5780353 /K:1024 /V:90 /P:443 /T
    This will populate a certificate in Trusted Root Certification Authorities,
    and when I run the command to create the HTTPS Listener, it succeeds with
    no problem.
    So my question is, am I doing something wrong with keytool, or are there
    extra steps that I need to take, or is it even capable of generating a "self signed
    certificate" that will work in the above case?
    There are some concepts involved, certificate wise, that I'm not sure about.
    Do I need to create a CSR and use a tool like openssl, as a CA, and
    use the resulting certificate?
    I just want to be able to programmatically create the needed certificate using keytool, or
    using an API.
    Thanks,

    Download the latest JDK on http://download.java.net/jdk7/binaries/.
    Run "keytool -genkeypair -ext KU=? -ext EKU=? ...". Substitute the "?" with the usages you see in the other cert (for example, "digitalSignature" or "codeSigning". If there are multiple ones, separate with comma).

  • My iMac suddenly can't read the backup hard drive I've been using for Time Machine.  I did NOT just upgrade the OS or anything.  The external HD is an OWC Mercury Elite All Pro. It's worked fine since I got the iMac 4 years ago.

    My iMac suddenly can't read the backup hard drive I've been using for Time Machine.  I tried unplugging the cord that connects the HD to the iMac and plugging it back in, but I still get "The disk you inserted was not readable by this computer" below which are buttons for Initialize, Ignore and Eject.  I was using a cord that went from larger square plug to larger square plug.  So then I tried one that went from smaller square plug to what I think is USB (thin rectangular plug) of the sort that connects the keyboard and mouse. It's the type that my printers and scanners use to connect to the iMac.  I did NOT just upgrade the OS or anything.  The external HD is an OWC Mercury Elite All Pro. It's worked fine since I got the iMac 4 years ago. What else can I try before just trying to initialize and

    Thanks, Michael!  I do hear it at times spooling up and running. Just after I bumped the thread I looked for troubleshooting for this drive online and found the manual which suggested using Disk Utility which I've seen before accidentally (if I hit Command Shift U instead of Shift U to type "Unit" on a new folder for a student's homework ) but had never really noticed.   Disk Utility does see it and also a sub-something (directory?) which might be the Time Machine archives on the disk, called disk1s2), sort of the way that my iMac's hard drive shows up as 640.14 GB Nitachi HDT7... and has a sub-something titled DB iMac, which is what I named my iMac's hard drive.
    Anyway the owner's manual just shows the image under the formatting section, not the troubleshooting section, but as soon as I saw it in the manual I remembered seeing it accidentally a few times, went to it, and am now verifying the disk.  Right now it's telling me that it will take 2 hours to complete the verification, so I guess I have a bit of a wait.  :-)
    Does the fact that Disk Utilities can see it mean it's not failed, or just that it hasn't completely failed?
    I can see the virtue in having multiple redundant backups, or at least two backups. What do you suggest?  Two external hard drives?  I had this one linked by ethernet, but I also have a cord that could link it by USB (like a printer), so if this one is reparable I could get a second one and link it by USB.  If this one is not reparable I could get two and do the same thing.  I do have an Airport so I suppose it's possible to get some sort of Wi-Fi hard drive (my new printer/scanner uses only the network and not a cable, although it has a cable that I used for the initial installation), but I'd suspect a Wi-Fi hard drive might have a higher price.
    What hard drives, if any, do you recommend? I seem to recall that when I was looking at external hard drives 4 years ago, Apple's were substantially more expensive, which is why I got the OWC Mercury Elite All Pro.

  • HOW TO Export Entire Page Report, Not Just Regions, To CSV or Excel?

    I need to export a main report (Page 2014) that consists of 5 different regions (Name, Feature, States, Admin Areas, and Maps), as one CSV file.
    I know that I can set each of the 5 different region's report attributes to export by enabling the CSV output to Yes.
    But, since my main report (Page 2014) has these many regions, I end up with 5 different CSV files.
    There is no attribute to set for the main report (Page 2014) to enable it to export as CSV output.
    How can I get an all-encompassing CSV file of the main report (Page 2014)?
    Thank you in advance,
    Maggie

    Hello Maggie,
    >> How can I get an all-encompassing CSV file of the main report (Page 2014)?
    This might be possible using the advanced print server configuration, with BI Publisher, using the same technique that is being used to print master-details reports (which is a type of a multi-region report) - http://www.oracle.com/technology/products/database/application_express/html/configure_printing.html . The standard print server configuration only supports reports with a single region. If you have BIP in your organization, that’s great. Otherwise, CSV files don’t warrant it.
    The only other option, I can see, is to create the CSV file manually, using the technique described in the following Blog entry, by Scott Spendolini - http://spendolini.blogspot.com/2006/04/custom-export-to-csv.html .
    Regards,
    Arie.

  • Use pages from other templates...not just the one you chose.

    Is there a way to choose a page from another template besides the one I started with. For example if I choose the "School Report" template, but want to also use a page from the "Lesson Plan" template, how can I do this. If you click add new page, it only gives you the initial template pages. I tried opening a new template and copying and pasting the page I wanted, but it does not work.

    My guess is that it's because the objects are floating ones.
    If you switch them as inline one, you will be able to copy the page, sometimes after inserting section breaks.
    Yvan KOENIG (from FRANCE mardi 10 février 2009 21:19:34)

  • Deleted the public/private keys installed by iPCU & untrusted the certs

    Hi;
    it's early in the morning and i couldn't quite figure what was going on
    when:
    - new public and private keys "appeared" in keychain
    - a certificate was installed almost as soon as I plugged
    an iphone in while running iPhone Config Util (iPCU i now
    realize)
    From the console:
    Tue Jun 30 02:39:45 unknown mcmobiletunnel[363] <Warning>: added object <NSCFType: 0x1073d0> to keychain as iPCUHost-D3FA2B23-E0D0-4C42-A48B-DFXXXXXXXX-HostCert success 1 error 0
    What it looks like is on connecting the iPhone "phoned home" and snagged a certificate and public and private keys to install on my MacBook Pro.
    I deleted these not realizing who iPCUHost was (an earlier cert was marked as untrusted on a pass through my certs earlier).
    OK: so *how* do i recreate the public/private keys? the Certificates in Keychain?
    Tried: downloading and re-installing iPCU
    Tried: Time Machine to earlier version of iPCU & using Software update to Update.
    This is where things look unhappy in the iPCU console:
    Tue Jun 30 03:42:36 unknown mcmobiletunnel[432] <Warning>: received request 4: (\n RequestType\n), keys {\n RequestType = GetProfileList;\n}
    Tue Jun 30 03:42:36 unknown mcmobiletunnel[432] <Warning>: processing request 4: ((\n RequestType\n))
    Tue Jun 30 03:42:36 unknown mcmobiletunnel[432] <Warning>: sending reply {\n OrderedIdentifiers = (\n );\n ProfileManifest = {\n };\n ProfileMetadata = {\n };\n Status = Acknowledged;\n}
    Tue Jun 30 03:42:36 unknown mcmobiletunnel[432] <Error>: receive_message: Could not receive size of message: 0 Operation not permitted
    Tue Jun 30 03:42:36 unknown mcmobiletunnel[432] <Warning>: received request 4: (null), keys (null)
    Tue Jun 30 03:42:36 unknown mcmobiletunnel[432] <Error>: main: Could not receive request from host.
    Tue Jun 30 03:48:21 unknown /usr/libexec/notification_proxy[426] <Error>: Could not receive size of message
    Tue Jun 30 03:48:21 unknown /usr/libexec/notification_proxy[426] <Error>: Could not receive message
    Tue Jun 30 03:51:02 unknown mcmobiletunnel[446] <Warning>: received request 4: (\n RequestType\n), keys {\n RequestType = GetProfileList;\n}
    Tue Jun 30 03:51:02 unknown mcmobiletunnel[446] <Warning>: processing request 4: ((\n RequestType\n))
    Tue Jun 30 03:51:02 unknown mcmobiletunnel[446] <Warning>: sending reply {\n OrderedIdentifiers = (\n );\n ProfileManifest = {\n };\n ProfileMetadata = {\n };\n Status = Acknowledged;\n}
    Tue Jun 30 03:51:02 unknown mcmobiletunnel[446] <Error>: receive_message: Could not receive size of message: 0 Operation not permitted
    Tue Jun 30 03:51:02 unknown mcmobiletunnel[446] <Warning>: received request 4: (null), keys (null)
    Tue Jun 30 03:51:02 unknown mcmobiletunnel[446] <Error>: main: Could not receive request from host.
    Thx
    Jim

    I'm in the same situation here. While trying out the iPCU, I noticed my test devices were showing up with a certificate of "iPCUHost...". I was hoping to replace this default cert with one from our own CA, and in the process of messing around I tried deleting all of those certs from my Keychain. They deleted just fine, and after a sync the cert also disappeared from the connected iPhone. Unfortunately, there is no obvious way to replace that cert and as of now, I cannot install any profile to the device that has had the cert removed. If I select the device and click "Install" on a profile, nothing happens... no errors, no console messages, it just does nothing.
    I'm not quite sure how to replace the missing cert, and in particular how to replace it with one of our own rather than the default. Surely we don't have to actually develop a web service just to install certs... (see page 21 of the Enterprise Deployment Guide)
    -mike

  • Public/private key length 2048 in visual administrator

    Hello,
    I need to generate an RSA public/private keypair with visual administrator with a length of 2048. From the dropdown box in the dialog, "Key and Certificate Generation", I can only select up to 1024.
    Who knows if this is at all possible and/or how to get it done?
    this is on a Netweaver 6.40, XI 3.0 system
    thanks very much
    Gr Wout

    Hello Wout
    I think this issue would be best placed in the Netweaver Administrator forum. You will have a better chance of getting a quality answer to your query on that forum. I will forward the thread.
    Regards
    Mark Smyth
    XI/PI Moderator

  • When I try to open my Yahoo mail in safari, I get a message which states:" In order to use Yahoo mail, please turn Private Browsing off. Please go to Settings Safari Private Browsing, and turn off" The problem is my ipad does not have a Private Browsing switch

    When I try to open my Yahoo mail in safari, I get a message which states:" In order to use Yahoo mail, please turn Private Browsing off. Please go to Settings>Safari>Private Browsing, and turn off" The problem is, my ipad does not have a Private Browsing switch at this location.

    With iOS 7 on the iPad, you turn Private  Browsing on and off by tapping the URL field.  The screen that  opens up has your bookmarks on it.  In the bottom left corner is a hot button marked 'PRIVATE'.  Tap on the word 'PRIVATE' to turn private browsing on or off.  Yeah, there aren't any instructions anywhere that I can find to do this, and if you follow Yahoo's instructions, they don't work.  This doesn't happen with the previous Apple OS, and you can restore your iPad to the older OS. 

  • I am not able to use the ftp export in Muse. When I enter my host, name and password, I get a long interlude of rainbow wheel and finally the message that my ftp host cannot be found. I have verified the name and that it is port 21. I can export to html a

    I am not able to use the ftp export in Muse. When I enter my host, name and password, I get a long interlude of rainbow wheel and finally the message that my ftp host cannot be found. I have verified the name and that it is port 21. I can export to html and use another ftp client to upload (to the same server) but this is tedious and making minor changes is painful. Have you encountered this and found a solution?

    Hi Susan,
    In that case I will recommend that you consult a local technician/IT team and see if there is some network connectivity issue with your machine.
    - Abhishek Maurya

  • Sharing calendar for public appointments only not anything private

    I'm looking for a way to share my calendar in Outlook 2010 or Office 365 with a friend so that:
    1) my calendar shows up on my friend's iPhone for all my public appointments but not anything I mark as Private.
    2) my friend can add appointments to the calendar I shared with her so that I can either "approve" or "reject" the added appointments in my calendar.
    I'm thinking this feature must be there for people with assistants. I would appreciate it if someone could tell me how to do this.
    Thank you 

    Hello,
    You can set delegate settings in Outlook by referring to the following article:
    https://support.office.com/en-us/article/Allow-someone-else-to-manage-your-mail-and-calendar-aaeedebe-9de0-4141-8323-029f4b836759?CorrelationId=940ed041-5f14-481a-92f0-d63ceee63578&ui=en-US&rs=en-US&ad=US
    Thanks,
    Please remember to mark the replies as answers if they help and unmark them if they provide no help. If you have feedback for TechNet Subscriber Support, contact
    [email protected]
    Simon Wu
    TechNet Community Support

  • Export Quicktime movie is not rendering video track, just the audio track. However, everything works when using Quicktime Conversion menu options. What is wrong with my setting for Export Quicktime movie?

    Export>Quicktime movie is not rendering video track, just the audio track. However, everything works when using Quicktime Conversion menu options. What is wrong with my setting for Export>Quicktime movie?

    When you converted the original files via MPEG Streamclip, what did you convert them to?
    Have you tried trashing your preferences in FCP? Trashing FCP prefs is usually the first step when FCP is performing strangely.
    Download Preference Manager from Digital Rebellion (free) at:
    http://www.digitalrebellion.com/prefman/
    It will allow you to archive your current preferences if you wish to restore them later.
    MtD

  • Premiere Pro CC not using previews on export

    I'm using PP CC on a decked out iMac(i7, 32Gb RAM, 14TB RAID, internal SSD) and my exports are very slow even when "use previews" is checked. Thing is, I don't think PP is using those previews. During the export I can see that aerendercore and importerREDserver are running. The sequence is already rendered so it shouldn't be pulling in the raw files from the red server or going to AE to render the linked ae comps. Right?

    I've been through this discussion before ... talk about deja vu all over again! 
    The best explanation I have received was at NAB, with two of the heavy-lifter behind-the-scenes staff of Adobe's video programs. Long and involved discussion, one of those where for about the next ten minutes I felt very enlightened on video processing, codecs, and computer hardware design & usage. And then reverted to a normal human status over the next hour. Ah well.
    Basically, there's only a couple 'codecs' where it is even possible to utilize previews in a render-out full export. They're huge puppies and most of us don't have the massive-capable machines that can handle that stuff on the fly for editing purposes. As to the rest ... remember, PrPro is like Lightroom, NOT Photoshop. It never makes a complete new 'file' when 'saved' like say Photoshop does, but only stores the info of the changes you have called for to be applied to the original footage, similar to Lightroom. And note, just as Lightroom can create p-views of various sizes up to 1-1, it never utilizes those highly-compressed p-views when you want to create or "export" a final form of the image for use. It takes the recipe of what you've ordered done to the original image and creates a version of that image with that look in the size and file-format (think codec) of your choosing. Which has nothing to do with the file-format (codec) of the internal-use p-view, even a 1-1 p-view.
    When viewing a monitor during PrPro, Sg, & AeFx, that's what you're seeing: the original footage with your changes added to it on the fly ... for the most part. In all three programs there are things complex enough that it will create new viewable bits & pieces but in very few situations will it ever completely create a new run of footage. You'd howl if it did ... think of the massive increase of stuff on your drives if it behaved that way! The bits it stores as "Previews" are neither complete new forms of your original footage nor are they of the quality you'd want or the particular nature of pixel-structure for any specific codec you want an output prepared into.
    When you render sections, or even entire clips/sequences for previews it renders those frames and sections of frames that are problematic into an internally-chosen codec that is quick for it to use on the fly and looks ok, and constantly intermixes those bits with original frame and the 'recipe' of what is being called for. It does NOT make an entirely new & complete form of the original footage with all changes applied.
    Apparently, there has been discussion internally as to whether the "Use previews for export" button should simply disappear unless you are using one of about two video formats that actually "live" in PrPro as full-res/size files. I asked why this hadn't been done, and the response was ... it's been considered. It would save a lot of hassle, grief, and arguments if they did, is what I'm thinking. The vast majority of us don't have one of those rigs that's like four super-Macs built into one "single" computer. Or a mobo with 8 different quad-or-better core cpu's, that sort of thing. We're not working directly in the formats that need such hardware.
    Neil

  • Generate public private keys inside smart card

    Dear all,
    I am using this code to generate public and private key inside the smart card.
    KeyPair kp = new KeyPair(KeyPair.ALG_RSA_CRT, KeyBuilder.LENGTH_RSA_512);
    kp.genKeyPair();
    PrivateKey prikey = kp.getPrivate();
    PublicKey pubkey = kp.getPublic();
    This code is executing without errors.
    I need to get out the public key from the smart card. So I need to get public key to a byte array.
    But I can't get those keys to plain text byte array.
    The methods that I can get for pubkey object are
    pubkey.clearKey();
    pubkey.equals(obj);
    pubkey.getSize();
    pubkey.getType();
    pubkey.isInitialized(); only these.
    I am using
    Eclipse Version: 3.4.1 (Compiler compliance level = 1.4)
    Jcop plugin (to communicate with the actual card and to test the java code in virtual card provided by JCOP)
    OmniKey5321 card reader (In contactless type)
    What is the reason to get only those above methods to pubkey object? Is it a version problem?
    How can I get the public key to plain byte array? Is it possible?
    If it is not possible, is there a way to get the public key as an exported certificate, or some other solution?
    If my scenario is not a possible strategy, how can I use public/private keys to send specific data to the applet? Is there a better way to do this?
    Edited by: 863766 on Jun 6, 2011 12:16 AM

    Thank you very much!
    I used this code
    RandomData rand = RandomData.getInstance(RandomData.ALG_SECURE_RANDOM);
    short lenBytes = (short) (KeyBuilder.LENGTH_DES / 8);
    byte[] buffer = JCSystem.makeTransientByteArray(lenBytes, JCSystem.CLEAR_ON_DESELECT);
    DESKey key = (DESKey) KeyBuilder.buildKey(KeyBuilder.TYPE_DES, KeyBuilder.LENGTH_DES, false);
    rand.generateData(buffer, (short) 0, lenBytes);
    key.setKey(buffer, (short) 0);
    byte keyData[] = new byte[256];
    key.getKey(keyData, (short) 0);
    Now I know how to initialize the key...
    Thank you again.
    Regards,
    Dushantha
    Edited by: 863766 on Jun 6, 2011 3:52 AM
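
The question in this thread lists only the generic `Key` methods because `getPublic()` returns the `PublicKey` type; the RSA accessors are on `RSAPublicKey`. The applet below is an added example, not code from the thread: the package, class name, INS values and response layout are assumptions, and the 512-bit size mirrors the post (it is too short for production use).

```java
package demo.pubkey; // hypothetical package name

import javacard.framework.APDU;
import javacard.framework.Applet;
import javacard.framework.ISO7816;
import javacard.framework.ISOException;
import javacard.framework.Util;
import javacard.security.KeyBuilder;
import javacard.security.KeyPair;
import javacard.security.RSAPublicKey;

public class PubKeyExportApplet extends Applet {
    // Hypothetical instruction bytes chosen for this example.
    private static final byte INS_GENERATE = (byte) 0x10;
    private static final byte INS_GET_PUBLIC = (byte) 0x20;

    private final KeyPair kp;

    private PubKeyExportApplet() {
        // Allocate the key objects once, at install time (size as in the post above).
        kp = new KeyPair(KeyPair.ALG_RSA_CRT, KeyBuilder.LENGTH_RSA_512);
    }

    public static void install(byte[] bArray, short bOffset, byte bLength) {
        new PubKeyExportApplet().register();
    }

    public void process(APDU apdu) {
        if (selectingApplet()) {
            return;
        }
        byte[] buf = apdu.getBuffer();
        switch (buf[ISO7816.OFFSET_INS]) {
        case INS_GENERATE:
            // The private key is generated on the card and never returned by any command.
            kp.genKeyPair();
            break;
        case INS_GET_PUBLIC:
            sendPublicKey(apdu, buf);
            break;
        default:
            ISOException.throwIt(ISO7816.SW_INS_NOT_SUPPORTED);
        }
    }

    // Response layout (an assumption of this example):
    //   2-byte exponent length | exponent | 2-byte modulus length | modulus
    private void sendPublicKey(APDU apdu, byte[] buf) {
        // Cast to the algorithm-specific interface to reach getExponent/getModulus.
        RSAPublicKey pub = (RSAPublicKey) kp.getPublic();
        if (!pub.isInitialized()) {
            // No key pair generated yet.
            ISOException.throwIt(ISO7816.SW_CONDITIONS_NOT_SATISFIED);
        }
        short off = 0;
        short expLen = pub.getExponent(buf, (short) (off + 2));
        Util.setShort(buf, off, expLen);
        off = (short) (off + 2 + expLen);
        short modLen = pub.getModulus(buf, (short) (off + 2));
        Util.setShort(buf, off, modLen);
        off = (short) (off + 2 + modLen);
        // Fits one short APDU for this key size; a 2048-bit modulus would not.
        apdu.setOutgoingAndSend((short) 0, off);
    }
}
```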

  • Public/private keys

    How to create private/public keys?
    Fred

    Hi Fred,
    The following steps are required to create public/private keys:
    1. Load the security provider (if not configured in $JAVAHOME/jre/lib/security/java.security)
    2. Obtain a handle to a secure random number generator.
    3. Obtain a handle to KeyPairGenerator for a specific public key algorithm.
    4. Generate the public/private key pair
    5. Extract the public and private keys
    The following example shows how to generate public and private keys using the KeyPairGenerator and KeyPair interfaces using JCSI's security provider.
    import java.security.*;
    // Load JCSI's JCA security provider
    Security.addProvider(new com.dstc.security.provider.DSTC());
    // Seed random number generator using the default seeding
    // "SHA1PRNG" = SHA1 Pseudo-random number generator
    SecureRandom random = SecureRandom.getInstance("SHA1PRNG");
    // Initialise KeyPairGenerator to create 1024-bit RSA keys.
    // PK Algorithm = "RSA", Security Provider = "DSTC" (Wedgetail)
    KeyPairGenerator keyGen = KeyPairGenerator.getInstance("RSA", "DSTC");
    keyGen.initialize(1024, random);
    // Generate RSA public/private key pair
    KeyPair keyPair = keyGen.genKeyPair();
    // Extract public and private keys
    PrivateKey privKey = keyPair.getPrivate();
    PublicKey pubKey = keyPair.getPublic();
    Hope this will help you.
    Regards,
    Anil.
    Technical Support Engineer.

  • How to use "keytool" generated certificates in B2B

    Hi,
    I have generated few certificate stores(files containing private key and trust certificate) in ".jks" format and exported client certificate from them in ".der" format using "keytool" commands in java. Now I want to use them for SSL authentication.
    Is there any possible way of doing this ?
    I tried to open these keystores in Wallet Manager but it did not accept those keystores. I even tried to create a keystore with the name "ewallet.pk12" (in PKCS12 format) but Wallet Manager did not accept its password.
    Please provide a solution if it exists.
    Thanks in advance.
    Regards,
    Anuj Dwivedi

    Hi,
    If you are generating keys/certificates, maybe you could make "keytool" generate the keystore in PKCS12 format. This format can be opened using Oracle Wallet Manager. Here's the command,
    keytool -genkey -keyalg "RSA" -keystore ewallet.p12 -storepass welcome1 -storetype PKCS12
    The above command would create a wallet in the current directory and the same can be opened in the "Oracle wallet manager".
    Other Approach:
    If you want to export just the certificates alone from a "JKS" format keystore and add them to the ewallet.p12 as a trusted entry, you can very well do that.
    One thing to note here: make sure the keys are generated using algorithm "RSA". Sample commands below,
    1. keytool -genkey -keyalg RSA -keystore test.jks
    2. keytool -export -file test.crt -keystore test.jks
    3. You could import the certificate "test.crt" created in the previous step to ewallet.p12 using "Oracle wallet manager".
    Regards,
    Sinkar
    [From Ramesh Team]
