Questions tagged [keytool]

Keytool is a key and certificate management utility which is used to manage Java Keystores. It is shipped with Java.

48 questions
32
votes
3 answers

How to generate .key and .crt file from JKS file for httpd apache server

I have the mycert.jks file only. Now i need to extract and generate .key and .crt file and use it in apache httpd server. SSLCertificateFile /usr/local/apache2/conf/ssl.crt/server.crt SSLCertificateKeyFile /usr/local/apache2/conf/ssl.key/server.key…
Sohan
  • 729
  • 1
  • 6
  • 12
14
votes
1 answer

Unable to generate certificate with Subject Alternate Name using Java 1.7 keytool utility

I'm having an issue generating a keypair with subject alternate name using the Java keytool utility from Java 1.7. I'm attempting to follow the instructions found here. An example of the command I'm using follows (this example has been…
Deacon
  • 243
  • 1
  • 3
  • 9
14
votes
1 answer

Copy a Java keystore on one machine to another?

I have a keystore on one machine (at /root/.keystore) and I want to move it to another machine at the same location. Currently, the second machine doesn't have a keystore at /root/.keystore, is there a way I can export then create/import? Or do I…
Brandon
  • 247
  • 1
  • 2
  • 6
12
votes
3 answers

How to generate new, 2048-bit Diffie-Hellman parameters with Java keytool?

We are non-experts trying - unsuccessfully so far - to update our web server (JBoss-5.1.0.GA) settings to meet Diffie-Hellman standards. After running a test on https://weakdh.org/sysadmin.html, we are told that we need to "generate new, 2048-bit…
user2072931
  • 145
  • 1
  • 2
  • 6
10
votes
4 answers

Keytool SubjectAlternativeName

I'm trying to get the certificates just right for our Jira/Confluence deployments in house. People access them differently, either from the hostname or the FQDN. I'm using Java 7's keytool so I have access to the server alternate name…
Tawm
  • 183
  • 1
  • 1
  • 11
9
votes
3 answers

Is there anywhere that I can get a valid , signed, SSL cert to the "localhost" domain for testing?

Is there anywhere that I can get a valid , signed, SSL cert to the "localhost" domain for testing? Does anyone anywhere offer a download of something like this that I can use in testing? I know how to use openssl to sign a key with a CA, but…
djangofan
  • 4,172
  • 10
  • 45
  • 59
6
votes
3 answers

Extract key from JKS keystore to use with apache2 and tomcat

I have a keystore in JKS format and I want to use that with apache2. How can I export the key and the certificates (that i already chained) out the JKS in a easy way? I found many answers out there but seems that no one has my problem... (or the…
CappyT
  • 183
  • 2
  • 3
  • 12
5
votes
1 answer

Can't import SSL key using keytool

I have a problem with keytool tool. I have a FishEye/Crucible server which needed to be connected to my Jira server. My Jira server uses SSL. I'm trying to import ssl certificate using the following command: keytool -importcert -alias "JiraCert"…
Eslam
  • 239
  • 2
  • 5
3
votes
1 answer

Enable SSL with Jetty 8

I received certificates from GoDaddy an I'm trying to enable SSL with Jetty but receive an error 107 SSL protocol error when connecting to https://server.com:8443 I generated the keystore using these commands : keytool -keystore keystore -import…
Jerec TheSith
  • 163
  • 1
  • 3
  • 8
2
votes
2 answers

ERR_SSL_VERSION_OR_CIPHER_MISMATCH with signed certificate in Tomcat

I have a tomcat server for which I needed a signed certificate. I generated a key using keytool -genkey .... and then generated a CSR and sent it to my company admin. They gave me back a CER file with the signed certificate and certificate…
feroze
  • 245
  • 2
  • 8
2
votes
1 answer

Tomcat 8.5.4 SSL configuration troubles

The version details : Using CATALINA_BASE: /apps/TOMCAT/tomcat Using CATALINA_HOME: /apps/TOMCAT/tomcat Using CATALINA_TMPDIR: /apps/TOMCAT/tomcat/temp Using JRE_HOME: /usr Using CLASSPATH: …
user2967267
  • 113
  • 1
  • 6
2
votes
1 answer

How to use your ssl certificate and key from your website with activemq console?

After enforcing strict transport security in a server, it is also forcing https into port 8161 for activemq which of course makes it fail. I followed this instructions to enable https on activemq console on port 8162 and it…
Ulukai
  • 829
  • 2
  • 10
  • 28
2
votes
0 answers

sign keytool generated cert/key pairs using easy-rsa openvpn intermediate CA

I am creating root and intermediate CA with easy-rsa using ./build-ca & ./build-inter commands consecutively. Now, I want my root ca as offline and I want my certs/keys signed by intermediate CA. I am generating cert/key using keytool. When I am…
2
votes
1 answer

Generate SSL certificate using Keytool

I have a question about SSL certificates. I use Openssl to generate the certificate: I followed this tutorial. My goal is to generate: .crt .key .pem Is possible to obtain the same files using keytool?
Safari
  • 155
  • 1
  • 2
  • 7
2
votes
1 answer

Keytool import certificate fails "Public keys in reply and keystore don't match"

I'm importing a SSL certificate to use in Tomcat in my keystore using keytool and it fails with "Public keys in reply and keystore don't match" Problem might be declared by the fact that I created a new keystore after I accidentaly removed the old…
Bas Danen
  • 123
  • 1
  • 1
  • 4
1
2 3 4