alias mismatch of .pfx file or .p12 file between keytool and java keystore.aliases()
Question
I am trying to get aliases from pfx/p12 file using
keytool -v -list -storetype pkcs12 -keystore servercert.p12 -storepass 1234
which gives me
Keystore type: PKCS12
Keystore provider: SunJSSE
Your keystore contains 1 entry
Alias name: 1
Creation date: Jul 4, 2017
Entry type: PrivateKeyEntry
Certificate chain length: 1
Certificate[1]:
Owner: CN=CSIT CA, O="CSIT CA,Ltd.", L=Dhaka, ST=Dhaka, C=BD
Issuer: EMAILADDRESS=csit@csit.com, CN=CSIT CA, OU=Software Department, O=CSIT CA, L=Dhaka, ST=Dhaka, C=BD
Serial number: 1
Valid from: Tue Jul 04 15:41:40 BDT 2017 until: Mon Mar 30 15:41:40 BDT 2020
Certificate fingerprints:
MD5: 5C:CC:77:17:6C:91:FC:81:58:5A:D4:B0:FE:D8:B9:A8
SHA1: 9A:34:32:64:29:BF:0B:7E:4F:63:1B:27:99:54:41:0F:9D:55:CF:C8
SHA256: 27:01:BE:9D:F6:0E:38:35:AE:9C:07:B9:64:AB:76:50:06:D3:5D:8E:25:C4:59:87:D0:E9:A1:5A:96:41:D7:70
Signature algorithm name: SHA256withRSA
Version: 3
Extensions:
#1: ObjectId: 2.16.840.1.113730.1.13 Criticality=false
0000: 16 1D 4F 70 65 6E 53 53 4C 20 47 65 6E 65 72 61 ..OpenSSL Genera
0010: 74 65 64 20 43 65 72 74 69 66 69 63 61 74 65 ted Certificate
#2: ObjectId: 2.5.29.35 Criticality=false
AuthorityKeyIdentifier [
KeyIdentifier [
0000: 32 0F 04 D5 F6 1B 84 E5 87 EB 64 70 C7 D8 F2 5F 2.........dp..._
0010: FA 92 4D 57 ..MW
]
]
#3: ObjectId: 2.5.29.19 Criticality=false
BasicConstraints:[
CA:false
PathLen: undefined
]
#4: ObjectId: 2.5.29.15 Criticality=false
KeyUsage [
DigitalSignature
Key_Encipherment
]
#5: ObjectId: 2.5.29.17 Criticality=false
SubjectAlternativeName [
DNSName: example.com
DNSName: www.example.com
DNSName: mail.example.com
DNSName: ftp.example.com
]
#6: ObjectId: 2.5.29.14 Criticality=false
SubjectKeyIdentifier [
KeyIdentifier [
0000: 1C 59 74 4B 59 3B 1D 76 99 C2 10 4D 09 12 94 BB .YtKY;.v...M....
0010: 20 95 2C 21 .,!
]
]
*******************************************
*******************************************
The alias is "1" here.
However, I also try using java
KeyStore keystore = KeyStore.getInstance("PKCS12", "BC");
InputStream input = PdfSigner.class.getResourceAsStream(KEYSTORE_LOCATION);
keystore.load(input, PASSWORD.toCharArray());
System.out.println(keystore.size());
Enumeration<String> s=keystore.aliases();
while(s.hasMoreElements()){
System.out.println("alias:"+s.nextElement());
}
which gives me
1
alias:326bbd5c3d1ad4c6013ee70938d2c76b3c7a29d0
Which shows mismatch in alias.
Note: I generate my certificate using this
Q1: Why there is mismatch?
Q2: if there is mismatch, how can my client provide me with pfx/p12 file, alias and pass,which will be used to sign pdf on the fly?
1 answers
solution1
1 ACCPTED 2017-07-04 13:10:08
Alias is a friendly name but it is optional. May be each tool is using a different way to calculate it if it is not set. When you exported .p12 file, check the "name" that you set to alias.
For example using
openssl pkcs12 -export -in my-cert.crt -inkey my-priv-key.key -certfile my-ca-bundle -out my-pfx.pfx -name "alias"
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.