2

I have received the three certificates (.CER files) to access the production server. How am I going to add/convert these certificates into a PKCS12 file?

Rohit
  • Do you also have the private key? In a keystore? – Jcs Dec 09 '13 at 06:33
  • For accessing the production environment I have received ONLY the three certificates (no keys/alias etc.). But in my development environment, I have the keystore file, alias and password for the keystore and a PKCS12 file available. – Rohit Dec 09 '13 at 06:52
  • How are you going to use the PKCS12 file? Are these certificates the server certificate and the certificate chain up to a CA cert? – gtrig Dec 11 '13 at 00:10
  • The code is working fine in the development environment, where I have a couple of certificates (PKCS12) for signing and encryption to send messages to the server, and a self-signed certificate (JKS) which I have used to generate the truststore file. Now I have received the three certificates (.CER files) to access the production server. How am I going to add/convert these certificates into a PKCS12 file and a truststore file? – Rohit Dec 11 '13 at 03:06

4 Answers

2

First export your certificates to a keystore and then import the keystore as a PKCS12 file. If you have Java installed you can use the keytool command to accomplish both.

1) /jre/bin/keytool -importcert -alias cert1 -keystore keystore.jks -file Cert1.cer
2) /jre/bin/keytool -importkeystore -srckeystore keystore.jks -srcalias cert1 -destkeystore keystore.p12 -deststoretype PKCS12


Similar steps can be done using openssl too.

Atul Soman
  • I am running the first command, keytool -export -alias cert1 -keystore new_truststore.jks -file ProduCert.cer. It's giving me the error that the file new_truststore.jks doesn't exist. If I give my development environment JKS file then I get that alias cert1 doesn't exist. – Rohit Dec 09 '13 at 07:33
  • 1
    This is what I have done: 1. keytool -importcert -alias medicare -keystore storeskey.jks -file ProduCert.cer 2. keytool -importkeystore -srckeystore storeskey.jks -srcalias medicare -destkeystore keystore.p12 -deststoretype PKCS12 And I am getting the below exception: Problem importing entry for alias medicare: java.security.KeyStoreException: TrustedCertEntry not supported. Entry for alias medicare not imported. Please suggest. – Rohit Dec 09 '13 at 23:01
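The openssl route the answer mentions, as an added example that is not part of the original answer: it packs certificate-only .cer files into a PKCS12 store and checks that the result holds no private key, which is why such a store can serve as trust material but not for signing. The function names, the file names, the `changeit` password and the throwaway self-signed certificates are all constructed for the demonstration.

```shell
#!/bin/sh
# Added example: pack certificate-only .cer files into a PKCS12 store with openssl.
set -eu

# Constructed sample input: three throwaway self-signed certificates in DER form.
make_sample_certs() {
    dir=$1
    for n in 1 2 3; do
        openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=constructed-$n" \
            -keyout "$dir/k$n.pem" -out "$dir/c$n.pem" 2>/dev/null
        openssl x509 -in "$dir/c$n.pem" -outform DER -out "$dir/Cert$n.cer"
    done
}

# Print a .cer file as PEM, whether it was delivered as DER or as PEM.
cer_to_pem() {
    openssl x509 -in "$1" -inform DER 2>/dev/null || openssl x509 -in "$1" -inform PEM
}

# build_truststore OUT.p12 PASSWORD CERT...
build_truststore() {
    out=$1; pass=$2; shift 2
    bundle=$(mktemp)
    for cer in "$@"; do cer_to_pem "$cer" >> "$bundle"; done
    # -nokeys: only certificates were supplied, so no private key goes in
    openssl pkcs12 -export -nokeys -in "$bundle" -out "$out" -passout "pass:$pass"
    rm -f "$bundle"
}

# Number of certificates stored in FILE.p12.
count_certs() {
    openssl pkcs12 -in "$1" -nokeys -passin "pass:$2" 2>/dev/null | grep -c 'BEGIN CERTIFICATE'
}

# Succeeds only if FILE.p12 contains a private key (needed for signing/client auth).
has_private_key() {
    openssl pkcs12 -in "$1" -nocerts -nodes -passin "pass:$2" 2>/dev/null | grep -q 'PRIVATE KEY'
}

work=$(mktemp -d)   # scratch directory for the constructed demo
make_sample_certs "$work"
build_truststore "$work/trust.p12" changeit "$work/Cert1.cer" "$work/Cert2.cer" "$work/Cert3.cer"
echo "certificates in store: $(count_certs "$work/trust.p12" changeit)"
if has_private_key "$work/trust.p12" changeit; then
    echo "private key present"
else
    echo "no private key: this store can establish trust but cannot sign"
fi
```

Java's PKCS12 provider lists a certificate bag as a trusted entry only when it carries Oracle's trusted-key-usage attribute, which this openssl command does not add, so confirm with `keytool -list` before relying on the file as a Java truststore.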
0

I got the same error, and when it says 'Do you want to quit the import process? [no]:' keep typing 'no'. It finally said: Import command completed: 1 entries successfully imported, 2 entries failed or cancelled.

It worked and all my certs were imported into the new format correctly.

lake
0

I just used an older version of the keytool executable and the issue was resolved.

Kishor Jha
0

The server on which you sign your certificate $(hostname -f).pem should have the same Java version as the nodes where you plan to import the cert, like the following:

$JAVA_HOME/bin/keytool -importcert -alias $(hostname -f) -file /opt/cloudera/security/pki/$(hostname -f).pem -keystore /opt/cloudera/security/pki/$(hostname -f).jks

If you take a lower version on the server to sign your certificate but take a new Java version on the nodes for TLS/SSL, you will see the warning.