Posted to users@tomcat.apache.org by Nestor Waldyd <nw...@yahoo.co.uk> on 2013/11/06 22:26:44 UTC

PFX generation using keytool

Hello,

I am trying to generate a PFX in order to make public a site via Forefront TMG. When generating the pfx, the following was prompted:

C:\Program Files\Java\jdk1.7.0_25\bin>keytool -importkeystore -srckeystore C:\securitySitam\.keystore -destkeystore C:\securitySitam\sitam.pfx -srcstoretype JKS -deststoretype PKCS12
Enter destination keystore password:
Enter source keystore password:
Problem importing entry for alias root: java.security.KeyStoreException: TrustedCertEntry not supported. 
Entry for alias root not imported.
Do you want to quit the import process? [no]:  

How can I solve this issue?

Re: PFX generation using keytool

Posted by Ognjen Blagojevic <og...@gmail.com>.
Nestor,
Chris,

On 6.11.2013 22:50, Christopher Schultz wrote:
>> java.security.KeyStoreException: TrustedCertEntry not supported.
>> Entry for alias root not imported. Do you want to quit the import
>> process? [no]:
>>
>> How can I solve this issue?
>
> What kind of stuff can be found in your .keystore source?
>
> If you have a TrustedCertEntry (which ought to be a client
> certificate, right?) then it has no place in a keystore... that
> belongs in a truststore, no?

Nestor probably has root and intermediate CA certificates imported into 
the Java keystore in order to create a valid certificate chain during the 
import of the server certificate.

After the server certificate is imported into the keystore, the root and 
intermediate CA certificates are safe to remove from the keystore.


> Try importing .. um, less of the source keystore?

Right, OP might:

1. Delete trusted key entries, and leave only PrivateKeyEntry, and then 
export, or
2. Add option -alias foo, where foo is the alias for the PrivateKeyEntry 
available in the keystore.

-Ognjen

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org
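
The effect of the first option in the reply above (keep only the key entries, then export), done with the java.security.KeyStore API instead of editing the source keystore; this is an added example, not code from the thread. The class name is hypothetical, and it assumes the private key password is the same as the keystore password.

```java
import java.io.Console;
import java.io.FileInputStream;
import java.io.FileOutputStream;
import java.security.Key;
import java.security.KeyStore;
import java.security.cert.Certificate;
import java.util.Arrays;
import java.util.Collections;

// Added example (hypothetical class name): copy only the key entries of a JKS
// keystore into a new PKCS12 (.pfx) file, leaving trusted certificates behind.
public class JksKeyEntriesToPfx {
    // Copies each key entry (key plus certificate chain) from src to dst and
    // returns the number copied. Assumes key password == keystore password.
    static int copyKeyEntries(KeyStore src, KeyStore dst, char[] pass) throws Exception {
        int copied = 0;
        for (String alias : Collections.list(src.aliases())) {
            if (!src.isKeyEntry(alias)) { // TrustedCertEntry such as "root"
                System.out.println("skipping trusted certificate entry: " + alias);
                continue;
            }
            Key key = src.getKey(alias, pass);
            Certificate[] chain = src.getCertificateChain(alias);
            dst.setKeyEntry(alias, key, pass, chain);
            copied++;
        }
        return copied;
    }

    public static void main(String[] args) throws Exception {
        if (args.length != 2) {
            System.err.println("usage: java JksKeyEntriesToPfx <source.jks> <dest.pfx>");
            System.exit(2);
        }
        Console console = System.console(); // keeps the password off the command line
        if (console == null) throw new IllegalStateException("run from an interactive console");
        char[] pass = console.readPassword("Keystore password (also used for the PFX): ");

        KeyStore src = KeyStore.getInstance("JKS");
        try (FileInputStream in = new FileInputStream(args[0])) { src.load(in, pass); }
        KeyStore dst = KeyStore.getInstance("PKCS12");
        dst.load(null, null); // start from an empty PKCS12 store
        int n = copyKeyEntries(src, dst, pass);
        if (n == 0) throw new IllegalStateException("no key entry found in source keystore");
        try (FileOutputStream out = new FileOutputStream(args[1])) { dst.store(out, pass); }
        Arrays.fill(pass, '\0'); // wipe the password from memory
        System.out.println("wrote " + n + " key entries to " + args[1]);
    }
}
```

The resulting .pfx contains the private key, so it needs the same file permissions and handling as the source keystore.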


Re: PFX generation using keytool

Posted by Christopher Schultz <ch...@christopherschultz.net>.
Nestor,

On 11/6/13, 4:26 PM, Nestor Waldyd wrote:
> I am trying to generate a PFX in order to make public a site via 
> Forefront TMG. When generating the pfx, the following was
> prompted:
> 
> C:\Program Files\Java\jdk1.7.0_25\bin>keytool -importkeystore
> -srckeystore C:\securitySitam\.keystore -destkeystore
> C:\securitySitam\sitam.pfx -srcstoretype JKS -deststoretype PKCS12 
> Enter destination keystore password: Enter source keystore
> password: Problem importing entry for alias root:
> java.security.KeyStoreException: TrustedCertEntry not supported. 
> Entry for alias root not imported. Do you want to quit the import
> process? [no]:
> 
> How can I solve this issue?

What kind of stuff can be found in your .keystore source?

If you have a TrustedCertEntry (which ought to be a client
certificate, right?) then it has no place in a keystore... that
belongs in a truststore, no?

Try importing .. um, less of the source keystore?

-chris