8

I am trying to re-sign some jars using the ant task 'signjar' however it's telling me "The signer certificate has expired."

So I tried to re-generate the keystore hoping this would 'un-expire' it...

keytool -genkey -keystore mykeystore -alias myalias

but after entering the keystore password i get: "keytool error: java.lang.Exception: Key pair not generated, alias already exists"

what am i doing wrong? do i need to delete the keystore to re-generate it or is there a simple way to refresh it so it's not expired?

thanks.

pstanton
  • 35,033
  • 24
  • 126
  • 168
  • I had this problem when I was creating a new keystore, and Eclipse just took a long time to make the build. I had to completely kill Eclipse and relaunch it. The keystore was actually generated before. – IgorGanapolsky Nov 06 '13 at 15:44

2 Answers2

6

You're mixing up the terms. A keystore contains keys, a key is something used for signing.

AFAIK, you're trying to put a new key into an old keystore using an existing alias (name). Why don't you simply used a new one? Either this or delete the old key from the keystore first. You don't need to drop the whole keystore.

Have a look at portecle, this simple tool allows you to manipulate the keystore more easily.

Chaim Geretz
  • 826
  • 5
  • 23
maaartinus
  • 44,714
  • 32
  • 161
  • 320
  • 2
    mixing terms? very likely! i really don't like the documentation for this 'feature' of java ... will take a look at portecle thanks. i guess what i'm looking for is a simple way to extend the expiry of a signature..... – pstanton Jan 28 '11 at 02:25
  • Strange. I just deleted my .jks file and yet... I get this very same error. For a key store with only 1 self-signed cert, why *shouldn't* I replace the whole thing? –  May 16 '14 at 15:13
  • @ebyrob: I'm not saying you shouldn't. Do whatever you think will work and if it doesn't, try portecle as it can help you to understand the problem. In case of a single key keystore, I'd suggest to use the same strong password for the keystore and the key (you surely avoid confusion and I really believe there's no security risk involved). – maaartinus May 16 '14 at 15:22
  • 1
    @maaartinus I use the same weak password for both. Really, I wouldn't even sign this test version if Oracle didn't force me to sign it just to test the applet in a browser. –  May 16 '14 at 16:23
2

For this simply regenerate you certificate again follow these steps.

   1)keytool -genkey -v -keystore mycertificate.keystore -alias mykey -keyalg 
   RSA -keysize 2048 -validity 1000
   2)  jarsigner -verbose -keystore mycertificate.keystore D:\app.apk mykey
   3) jarsigner -verify app.apk
     If it  will have done then shows a message "successfully verified"
   4) zipalign -v 4 D:\app.apk D:\signedapp.apk

  it will generate new certificate. enjoy :)
Tara
  • 2,598
  • 1
  • 21
  • 30