openssl fails to produce a pfx with a valid alias

user3198232 picture user3198232 · Jan 15, 2014 · Viewed 19.5k times · Source

I am trying to generate a pfx file to use as a signing mechanism for some JAR files as per these instructions.

To create the pfx file I am using the following command

openssl pkcs12 -export -in my-cert.crt -inkey my-priv-key.key -certfile my-ca-bundle -out my-pfx.pfx

This command successfully generates me a pfx file, however, when I try to find the alias using the following command

keytool -list -storetype pkcs12 -keystore my-pfx.pfx -v | grep Alias

I get the following response

Alias name: 2

According to the note linked above (and other research I have done) the Alias returned should look something like this

le-d491f28f-ee7b-40e2-b1a7-2b7c3a71979a

If I try to use the Alias value I am getting (e.g. 2) using the following command

jarsigner -keystore my-pfx.pfx -storetype PKCS12 jacob.jar 2

which results in the following error message

jarsigner: Certificate chain not found for: 2.  2 must reference a valid KeyStore key entry containing a private key and corresponding public key certificate chain.

I am totally stumped as to why I am not getting a correct alias.. Any helpful suggestions ?

Thanks

Answer

vond picture vond · Jan 16, 2014

Try using option -name "alias" with command openssl pkcs12.

So, the full command may look like (the rest of options were taken from your question):

openssl pkcs12 -export -in my-cert.crt -inkey my-priv-key.key -certfile my-ca-bundle -out my-pfx.pfx -name "alias"