
In the Windows personal certificate store, I am trying to programmatically install a certificate with the private key (using method setKeyEntry) using Java. But I get an exception when I do that.

    Caused by: java.lang.UnsupportedOperationException: Cannot assign the key to the given alias.
        at jdk.crypto.mscapi/sun.security.mscapi.CKeyStore.engineSetKeyEntry(CKeyStore.java:405)
        at jdk.crypto.mscapi/sun.security.mscapi.CKeyStore$MY.engineSetKeyEntry(CKeyStore.java:57)

Code snippet:

    KeyStore userCertStore = KeyStore.getInstance(getValue(CERTIFICATE_STORE_TYPE));
    userCertStore.load(null,null);
    for (iaik.x509.X509Certificate cert : user.getUserCertificates()) {
        userCertStore.setCertificateEntry(cert.getSubjectDN().toString(), cert);
        userCertStore.setKeyEntry(cert.getSubjectDN().toString(), user.getUserPrivateKey(cert),
                new SecureStringBuffer(new StringBuffer(password)).toCharArray(),
                user.getUserCertificates());
    }

1 Answer


The certificates are already set during setKeyEntry - do not store the certificate using setCertificateEntry.

setCertificateEntry is used to set trusted certificates (of the other party), the setKeyEntry is used to store private keys and the full certificate chain belonging to that private key.

So when you set the private key the alias is already taken by a "trusted certificate".

Maarten Bodewes
  • As I didn't test this myself (just applied reasoning), please comment below if this fixed your issue (I presume it did through the accept, but yeah, just want to be sure). – Maarten Bodewes Apr 09 '21 at 07:29
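
The approach described in the answer, as an added example that is not part of the original post or of any project's code: the private key and its chain are stored with a single setKeyEntry call, and the alias is checked first so that an existing certificate-only entry is reported instead of being overwritten. The class name `InstallKeyEntry`, the helper `installKeyEntry`, the PKCS#12 input file and the choice of the leaf subject DN as alias are assumptions made for illustration; the `Windows-MY` store is only available on Windows.

```java
import java.io.FileInputStream;
import java.io.InputStream;
import java.security.Key;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.PrivateKey;
import java.security.cert.Certificate;
import java.security.cert.X509Certificate;
import java.util.Collections;

public class InstallKeyEntry {
    // Stores key + chain as ONE key entry; setCertificateEntry is never called
    // for the user's own certificate. Returns the alias that was used.
    static String installKeyEntry(KeyStore store, PrivateKey key, char[] password,
                                  Certificate[] chain) throws KeyStoreException {
        if (chain == null || chain.length == 0) {
            throw new KeyStoreException("a key entry needs at least the leaf certificate");
        }
        // Assumption: alias = subject DN of the leaf certificate, as in the question.
        X509Certificate leaf = (X509Certificate) chain[0];
        String alias = leaf.getSubjectX500Principal().getName();
        // A certificate-only entry under this alias means the alias is taken:
        // fail loudly instead of silently replacing a trust entry.
        if (store.isCertificateEntry(alias)) {
            throw new KeyStoreException("alias already holds a trusted certificate: " + alias);
        }
        store.setKeyEntry(alias, key, password, chain); // chain: leaf first, then issuers
        return alias;
    }

    // Usage (assumed argument): java InstallKeyEntry user.p12
    public static void main(String[] args) throws Exception {
        // Read the password interactively (needs a console) rather than from argv.
        char[] password = System.console().readPassword("PKCS#12 password: ");
        KeyStore source = KeyStore.getInstance("PKCS12");
        try (InputStream in = new FileInputStream(args[0])) {
            source.load(in, password);
        }
        KeyStore windowsMy = KeyStore.getInstance("Windows-MY"); // Windows only
        windowsMy.load(null, null);
        for (String a : Collections.list(source.aliases())) {
            Key key = source.getKey(a, password); // null for certificate-only entries
            if (source.isKeyEntry(a) && key instanceof PrivateKey) {
                String alias = installKeyEntry(windowsMy, (PrivateKey) key, password,
                        source.getCertificateChain(a));
                System.out.println("installed key entry: " + alias);
            }
        }
    }
}
```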