-1

I am trying to connect to a Kafka 2.0 server using SSL. I have been provided with a Truststore file and a Keystore file, and since I am using Python I tried to extract the client certificate using the command:

keytool -exportcert -alias localhost -keystore kafka.client.keystore.jks -rfc -file certificate.pem

taken from here (a similar command was provided also here). The problem is I am getting an error:

keytool error: java.lang.Exception: Alias does not exist

which I have some trouble deciphering. Am I supposed to create an alias myself or should I ask for an alias from the ones provided the JKS containers? I am not really familiar with the SSL configuration so I may be missing something here.

I have also tried to check the available aliases in my machine using the command (from here):

keytool -list -keystore /etc/ssl/certs/java/cacerts -storepass changeit

but I am not sure 1) if this is the right place to search for the aliases and 2) I could not find any relevant entry there I think.

If someone can provide some instructions on how I should proceed from here it would be great.

Eypros
  • It's your keystore, only you know what's in it, and what the aliases are. – user207421 Sep 04 '20 at 09:37
  • The keystore was provided to me (not created by me) and I could not handle it. So, I asked a question (and unfortunately) no one answered on how to handle the situation. Thus, I provided a solution to my problem. – Eypros Sep 04 '20 at 09:48
  • And you said in your question you had already tried that and failed. It is far from clear what kind of assistance you were expecting here. – user207421 Sep 04 '20 at 09:52
  • I tried to find aliases in my system. Not in the provided files. – Eypros Sep 04 '20 at 10:17

1 Answer

0

Well, after some research I think I found a solution to this problem.

1. First I used this command to find out the aliases included in the files:

keytool -list -rfc -keystore kafka.client.keystore.jks

in my case there were 2 aliases: client and caroot. The output looks like this:

Keystore type: PKCS12
Keystore provider: XXX

Your keystore contains 2 entries

Alias name: caroot
Creation date: Sep 4, 2020
Entry type: trustedCertEntry

-----BEGIN CERTIFICATE-----
.....

where it is clear what the aliases are.

2. Then I used the proper alias in place of localhost:

keytool -exportcert -alias client -keystore kafka.client.keystore.jks -rfc -file certificate.pem

to extract the client certificate.

Eypros
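The alias lookup from the answer above, as an added Python example (not part of the original post): it parses `keytool -list -rfc` output, reports which aliases exist with their entry types, and names the available aliases when the requested one is missing. It assumes keytool's English-locale output; the function names and the sample text are constructed for illustration.

```python
import re

# Constructed sample of `keytool -list -rfc` output; the certificate
# bodies are placeholders, not real certificates.
SAMPLE = """\
Keystore type: PKCS12
Keystore provider: XXX

Your keystore contains 2 entries

Alias name: caroot
Creation date: Sep 4, 2020
Entry type: trustedCertEntry

-----BEGIN CERTIFICATE-----
PLACEHOLDERCAROOT
-----END CERTIFICATE-----

Alias name: client
Creation date: Sep 4, 2020
Entry type: PrivateKeyEntry
Certificate chain length: 1
Certificate[1]:
-----BEGIN CERTIFICATE-----
PLACEHOLDERCLIENT
-----END CERTIFICATE-----
"""

PEM = re.compile(r"-----BEGIN CERTIFICATE-----.*?-----END CERTIFICATE-----", re.S)
def parse_keytool_list(text):
    """Return {alias: {"type": entry_type, "certs": [pem, ...]}}."""
    entries = {}
    # Every entry starts at an "Alias name:" line; [1:] drops the header.
    for chunk in re.split(r"^Alias name: ", text, flags=re.M)[1:]:
        alias, _, body = chunk.partition("\n")
        m = re.search(r"^Entry type: (\S+)", body, flags=re.M)
        entries[alias.strip()] = {"type": m.group(1) if m else None,
                                  "certs": PEM.findall(body)}
    return entries

def client_aliases(text):
    """Aliases holding a private key entry, i.e. candidate client identities."""
    return [a for a, e in parse_keytool_list(text).items() if e["type"] == "PrivateKeyEntry"]

def export_cert(text, alias):
    """First certificate stored under `alias`; on a miss, list what does exist."""
    entries = parse_keytool_list(text)
    if alias not in entries:
        raise LookupError(f"alias {alias!r} not found; available: {sorted(entries)}")
    return entries[alias]["certs"][0]
```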