Unable to import .p12 certificate to cacerts

Question 1

Unable to import .p12 certificate to cacerts

java authentication keytool pkcs#12 jks

Mrinal Bhattacharjee · Apr 12, 2013 · Viewed 25.3k times · Source

Answer

Answer

It probably means that:

in cacerts you already have an entry with alias mb_ca
in .p12 you don't have an entry with alias mb_ca

Try to do the following:

Use -list to see the existing entries of .p12 and their alias. Adapted to your example it will be something like this: keytool -list -keystore /home/sogadm/MB_copy/MB_client.p12 -storepass 123456 -storetype PKCS12 -v
-delete the existing mb_ca entry in cacerts, if it is a wrong one or if you don't need it
Use -srcalias and -destalias for better control

Actually, if cacerts is a trusted certificates store you shouldn't import to it the private key entry from your .p12. Export the public key first, then import it to cacerts:

keytool -exportcert -keystore /home/sogadm/MB_copy/MB_client.p12 -storepass 123456 -storetype PKCS12 -alias p12_entry_alias -file /home/sogadm/MB_copy/MB_client.cer

keytool -importcert -keystore /usr/java/default/jre/lib/security/cacerts -storepass changeit -alias mb_client -file /home/sogadm/MB_copy/MB_client.cer

Hope it helps.

Question 2

While importing .p12 to cacerts I'm facing the following issue. First line says alias already exists and then when I try to overwrite it says alias not found. Please help me tackle this issue.

/usr/java/default/jre/bin/keytool -importkeystore -deststorepass changeit -destkeystore     /usr/java/default/jre/lib/security/cacerts -srckeystore /home/sogadm/MB_copy/MB_client.p12 -srcstoretype pkcs12 -srcstorepass 123456 -alias mb_ca
Existing entry alias mb_ca exists, overwrite? [no]:  yes
keytool error: java.lang.Exception: Alias <mb_ca> does not exist

Unable to import .p12 certificate to cacerts

Answer

Related questions