16

I try to create a new self certified keystore file

The command I use is:

keytool -genkey -selfcert -dname "cn=My Name, ou=Orga unit" -alias selfcertified -keypass somepass -keystore keystore.jks -storepass anotherpass -validity 365

but I always get this annoying error:

keytool error: java.lang.Exception: Keystore file does not exist: keystore.jks

I do not understand why I'm getting this error. The command above should create a new keystore, so why is it complaining about a non existing store?

ROMANIA_engineer
  • 54,432
  • 29
  • 203
  • 199
Chris Friedl
  • 163
  • 1
  • 1
  • 4

5 Answers5

28

Generating a key pair (and a new keystore) has to be done as a separate operation to creating a self-signed certificate for that key.

i.e.

keytool -genkey -alias myKey -keystore store.jks
keytool -selfcert -alias myKey -keystore store.jks
OrangeDog
  • 36,653
  • 12
  • 122
  • 207
  • 1
    from the keytool online documentation: A keystore is created whenever you use a -genkey, -import, or -identitydb command to add data to a keystore that doesn't yet exist. (http://download.oracle.com/javase/1.4.2/docs/tooldocs/solaris/keytool.html). according to this, the keytool command should create a new keystore instead of saying it does not exist. could you plz give an example of how to perform these two steps you mentioned? – Chris Friedl Feb 07 '11 at 15:56
  • @Chris Friedl - `-genkey` and `-selfcert` are separate commands: you can't do both at once. – OrangeDog Feb 07 '11 at 16:18
  • thanks! - two separate commands did it finally. the funny thing is, there are several sites providing tutorials with the two commands in one line as i have written above. – Chris Friedl Feb 07 '11 at 16:58
  • 1
    It says store file not found? what is store.jks here? – Mann Aug 11 '12 at 14:43
3

Run command prompt as Administrator and it will be done.

ANAS EL HAMRA
  • 41
  • 4
2

First generate the upload key using below command:

keytool -genkeypair -v -keystore my-upload-key.keystore -alias my-key-alias -keyalg RSA -keysize 2048 -validity 10000

then run

keytool -exportcert -keystore path-to-debug-or-production-keystore -list -v
Harshal
  • 7,562
  • 2
  • 30
  • 20
0

-selfcert option was made obsolete in keytool for Java 6. Check the last section of "Changes" here: Java 6 Keytool

So for Java 6 and onwards, replace -selfcert with -certreq

Sanora
  • 93
  • 1
  • 5
0

Seems a old link but this is what I tried - Hope this helps someone. In my case as .keystore file was missing in the below location, I had run the following command; keytool -genkey -alias mykey -keystore "C:\Users\username.keystore" This creates a .keystore file in the location, system asks you for information like What is your first and last name? What is the name of your organizational unit? What is the name of your organization? What is the name of your City or Locality? What is the name of your State or Province? What is the two-letter country code for this unit? Is CN=XXX, OU=XXX, O=XXX, L=XXX, ST=XXX, C=IN correct?

Say "Yes" and the keystore will get created.

Siva Dorai
  • 63
  • 5