stackoom
  简体   繁体   中英

Java Keystore : missing decryptionKey and signingKey aliases

 原文  2018-01-12 17:27:28       java/ security/ ssl/ pfx/ pkcs#12

Question

I would need help about this exception that I don't understand... and I don't even find anything on google about that.

*java.security.KeyStoreException] : [The supplied keystore is not configured correctly, it must contain the ' decryptionKey ' alias and the ' signingKey ' alias at com.entrust.toolkit.x509.jsse.d.&lt

What are these aliases ? Do you have idea of the reason why they are missing?

This is the line of code throwing the exception 

CLIENT_KEYSTORE_PATH = full path of the "client certificate" pfx file.
CLIENT_KEYSTORE_PASS = password of the pfx file

KeyStore cks = KeyStore.getInstance("PKCS12");
        cks.load(new FileInputStream(CLIENT_KEYSTORE_PATH), CLIENT_KEYSTORE_PASS.toCharArray());
        SSLContext sslcontext = SSLContexts.custom().loadKeyMaterial(cks, CLIENT_KEYSTORE_PASS.toCharArray()).build();

Thank you for your help

2 answers

solution1
 0  2018-01-12 17:30:57

Checkout the keytool command that comes bundeld with Java binaries.

You can find how to use it googling on line.

Don't miss the key store type option to specify PKCS12

Here there is a link to one place for example.

solution2
 0  2018-01-12 17:54:20

Error: "The keystore does not contain a private key associated with this alias"

Problem When importing a Code Signing Certificate for Sun Java or Symantec SSL Certificate into a keystore, you receive the following error:

Error: "The keystore does not contain a private key associated with this alias"

Cause This error occurs when one of the following conditions are true:

  • The certificate is being imported into the incorrect keystore.
  • The certificate is being imported into the incorrect alias.

Solution:

To resolve this problem:

  • Locate the correct Keystore. The keystore must be the same keystore that was used to originally generate the Certificate Signing Request (CSR). If a new keystore was generated with the same name and alias, the hash will be different. Therefore, the certificate will still not match the private key in the keystore.

  • Locate the correct alias. To verify the alias, run the following command:

    keytool -list -v -keystore [keystore name]

The correct alias will state Entry type: keyEntry

Once you have located the correct keystore and alias, run the following command to import the certificate: 

keytool -import -trustcacerts -keystore [keystore_filename] -alias [alias_name] -file [cert_file]

Resource Link:

https://knowledge.symantec.com/support/code-signing-support/index?page=content&id=SO6863&pmv=print&actp=PRINT&viewlocale=en_US

暂无
暂无

The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.

Related Question Java & Windows-MY keystore - duplicated aliases Java keystore for android is missing Java Security with KeyStore and public certificates aliases java.security.Keystore aliases on JDK 1.6 vs IBM 1.5 Java keystore Iterating over Windows-MY without using aliases alias mismatch of .pfx file or .p12 file between keytool and java keystore.aliases() Aliases and Java Android app update release with 2 different aliases in the keystore Type aliases for Java generics Can't access all KeyStore aliases on USB Token
Related Tags
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM