Although this question was more specifically about IP addresses in Subject Alt. Names, the commands are similar (using DNS entries for a host name and IP entries for IP addresses). To quote myself: If you’re using keytool, as of Java 7, keytool has an option to include a Subject Alternative Name (see the table in … Read more
Delete the empty keystoreFile.txt, then run your 2nd command again [aniket@localhost bin]$ keytool -genkey -alias myKeyStore -keyalg RSA -keystore /home/aniket/keystore/keystoreFile.txt It’s trying to create the file you specify with the -keystore flag. The reason your first one command failed is that you gave it an existing directory name.
It’s quite easy. If you check keytool manual you can see the following: $ keytool -importcert -help keytool -importcert [OPTION]… Imports a certificate or a certificate chain Options: … removed for clearity -cacerts access the cacerts keystore To get rid of that warning you must use -cacerts option instead of calling cacert keystore: keytool -import … Read more
What Tomcat needs is the certificate and its private key. The certificate is public information that any of your user can see, but the private key should be yours only: this is what prevents others from running a website with your certificate. By importing MyCompany.der, you’re only importing the certificate. You would need to find … Read more
This is due to how Java handles keystores so it’s not an Android specific issue. The reason though is because access to a store such as adding/viewing trust relationships is a separate task from creating and signing keys/certs. In short, you may trust someone to view/update your keystore but not sign things with a key … Read more
The keytool that ships with the Oracle JDK allows you to specify it on the command line with -storepass, you were doing keytool -help instead of keytool -list -help. (I suppose the Android version is the same.) C:\>keytool.exe -list -help keytool -list [OPTION]… Lists entries in a keystore Options: -rfc output in RFC style -alias … Read more
The following code inserts the CA cert file yourcert.cer into your keystore without using keytool: import java.io.File; import java.io.FileInputStream; import java.io.FileOutputStream; import java.security.Key; import java.security.KeyStore; import java.security.cert.Certificate; import java.io.IOException; import java.io.InputStream; import java.io.DataInputStream; import java.io.ByteArrayInputStream; import java.security.spec.*; import java.security.cert.Certificate; import java.security.cert.CertificateFactory; import java.util.Collection; public class ImportCA { public static void main(String[] argv) throws Exception { … Read more
Came across this problem too, for me I was using windows powershell and it kept generating a 32 character key. When I switch to plain old cmd it worked as expected.
The password is used to protect the integrity of a keystore. if you don’t provide any store password, you can still read the contents of the keystore. The command keytool -list demonstrates this behavior (use it with an empty password).
Sometimes this error is symptomatic of using an incorrect password for the p12 key.