How to import certificate to keystore Entry type: keyEntry?

1833327 Oct 2 2015 — edited Oct 2 2015

Hi Team,

I am facing a similar issue to one that one of our colleagues faced a couple of years earlier regarding installing certificates.

When I try to install the new certificate on my AIX server, after adding all the root, intermediate and main certificates, the message that comes is "Certificate was added to keystore", but what we would expect is "Certificate reply was installed in keystore".

On comparing with the old certificate, I could see the difference in Entry type as mentioned in the post below.

Could someone enlighten me with their knowledge?

---------------------------------------------------------------------------------------

Hi, I need your help to import a digital certificate. I received a new version of the certificate to install, but JBoss 7 does not recognize the new imports. I noticed that there is a difference between the old and the new keystore.

Old KeyStore (Working):

Keystore type: jks

Keystore provider: SUN

Your keystore contains 4 entries

Alias name: root

Creation date: 19/10/2012

Entry type: trustedCertEntry

Owner: CN=GlobalSign Root CA, OU=Root CA, O=GlobalSign nv-sa, C=BE

Issuer: CN=GlobalSign Root CA, OU=Root CA, O=GlobalSign nv-sa, C=BE

Serial number: 40000000001154b5ac394

Valid from: Tue Sep 01 09:00:00 BRT 1998 until: Fri Jan 28 10:00:00 BRST 2028

Certificate fingerprints:

  MD5:  3E:45:52:15:09:51:92:E1:B7:5D:37:9F:B1:87:29:8A

  SHA1: B1:BC:96:8B:D4:F4:9D:62:2A:A8:9A:81:F2:15:01:52:A4:1D:82:9C

*******************************************


Alias name: extranet2.xxxxxxxxx.com.br

Creation date: 10/10/2013

Entry type: trustedCertEntry

Owner: CN=extranet2.xxxxxxxxx.com.br, O=XXX XXXXXX, OU=XXXXXX, L=Blumenau, ST=Santa Catarina, C=BR

Issuer: CN=GlobalSign Organization Validation CA - G2, O=GlobalSign nv-sa, C=BE

Serial number: xxxxxxxxxxxxxxxxxxx

Valid from: Thu Oct 10 11:52:13 BRT 2013 until: Sat Oct 11 11:52:13 BRT 2014

Certificate fingerprints:

  MD5:  2C:8F:1A:77:6A:BB:B7:EA:3F:9B:0A:A2:1B:45:97:82

  SHA1: AB:45:A3:62:B9:82:4D:4F:38:C4:17:5C:EC:66:2A:96:A8:2C:08:CB

*******************************************

*******************************************

Alias name: intermediate

Creation date: 10/10/2013

Entry type: trustedCertEntry

Owner: CN=GlobalSign Organization Validation CA - G2, O=GlobalSign nv-sa, C=BE

Issuer: CN=GlobalSign Root CA, OU=Root CA, O=GlobalSign nv-sa, C=BE

Serial number: xxxxxxxxxxxxxxxxxxx

Valid from: Wed Apr 13 07:00:00 BRT 2011 until: Wed Apr 13 07:00:00 BRT 2022

Certificate fingerprints:

  MD5:  95:FE:3A:E5:FA:B7:BA:36:6F:C5:B3:37:68:4E:83:8D

  SHA1: 1D:31:4E:8E:56:D3:63:3B:48:F6:75:6D:4C:E5:79:C6:70:33:38:BD

*******************************************

*******************************************

Alias name: help

Creation date: 22/10/2012

Entry type: keyEntry

Certificate chain length: 3

Certificate[1]:

Owner: CN=extranet2.xxxxxxxxx.com.br, O=XXX XXXXXX, OU=XXXXXX, L=Blumenau, ST=Santa Catarina, C=BR

Issuer: CN=GlobalSign Organization Validation CA - G2, O=GlobalSign nv-sa, C=BE

Serial number: xxxxxxxxxxxxxxxxxxxxxxxxxxxx

Valid from: Thu Oct 18 15:04:07 BRT 2012 until: Sat Oct 19 15:04:07 BRT 2013

Certificate fingerprints:

  MD5:  B8:7C:76:5E:5C:16:31:44:97:43:3A:36:E2:36:80:06

  SHA1: E3:9D:59:B9:0D:AD:B8:E3:44:95:F8:17:29:00:3F:25:F8:39:C2:26

Certificate[2]:

Owner: CN=GlobalSign Organization Validation CA - G2, O=GlobalSign nv-sa, C=BE

Issuer: CN=GlobalSign Root CA, OU=Root CA, O=GlobalSign nv-sa, C=BE

Serial number: xxxxxxxxxxxxxxxxxxxxxxx

Valid from: Wed Apr 13 07:00:00 BRT 2011 until: Wed Apr 13 07:00:00 BRT 2022

Certificate fingerprints:

  MD5:  95:FE:3A:E5:FA:B7:BA:36:6F:C5:B3:37:68:4E:83:8D

  SHA1: 1D:31:4E:8E:56:D3:63:3B:48:F6:75:6D:4C:E5:79:C6:70:33:38:BD

Certificate[3]:

Owner: CN=GlobalSign Root CA, OU=Root CA, O=GlobalSign nv-sa, C=BE

Issuer: CN=GlobalSign Root CA, OU=Root CA, O=GlobalSign nv-sa, C=BE

Serial number: xxxxxxxxxxxxxxxxxxxxxxxxx

Valid from: Tue Sep 01 09:00:00 BRT 1998 until: Fri Jan 28 10:00:00 BRST 2028

Certificate fingerprints:

  MD5:  3E:45:52:15:09:51:92:E1:B7:5D:37:9F:B1:87:29:8A

  SHA1: B1:BC:96:8B:D4:F4:9D:62:2A:A8:9A:81:F2:15:01:52:A4:1D:82:9C

*******************************************

*******************************************

I am importing the new certificate with the following command:

keytool -import -alias help -file extranet2_2013.crt -keystore keystore.jks

But the new keystore does not work. I think the problem is the type of input keyEntry that the new keystore is of type: trustedCertEntry and has Certificates Aggregates.

New Keystore:

Keystore type: jks

Keystore provider: SUN

Your keystore contains 3 entries

Alias name: root

Creation date: 19/10/2012

Entry type: trustedCertEntry

Owner: CN=GlobalSign Root CA, OU=Root CA, O=GlobalSign nv-sa, C=BE

Issuer: CN=GlobalSign Root CA, OU=Root CA, O=GlobalSign nv-sa, C=BE

Serial number: xxxxxxxxxxxxxxxxxxxx

Valid from: Tue Sep 01 09:00:00 BRT 1998 until: Fri Jan 28 10:00:00 BRST 2028

Certificate fingerprints:

  MD5:  3E:45:52:15:09:51:92:E1:B7:5D:37:9F:B1:87:29:8A

  SHA1: B1:BC:96:8B:D4:F4:9D:62:2A:A8:9A:81:F2:15:01:52:A4:1D:82:9C

*******************************************

*******************************************

Alias name: intermediate

Creation date: 10/10/2013

Entry type: trustedCertEntry

Owner: CN=GlobalSign Organization Validation CA - G2, O=GlobalSign nv-sa, C=BE

Issuer: CN=GlobalSign Root CA, OU=Root CA, O=GlobalSign nv-sa, C=BE

Serial number: xxxxxxxxxxxxxxxxxxxxxx

Valid from: Wed Apr 13 07:00:00 BRT 2011 until: Wed Apr 13 07:00:00 BRT 2022

Certificate fingerprints:

  MD5:  95:FE:3A:E5:FA:B7:BA:36:6F:C5:B3:37:68:4E:83:8D

  SHA1: 1D:31:4E:8E:56:D3:63:3B:48:F6:75:6D:4C:E5:79:C6:70:33:38:BD

*******************************************

*******************************************

Alias name: help

Creation date: 14/10/2013

Entry type: trustedCertEntry

Owner: CN=extranet2.XXXXXXXX.com.br, O=XXXXXXXXXX, OU=XXXXXX, L=Blumenau, ST=Santa Catarina, C=BR

Issuer: CN=GlobalSign Organization Validation CA - G2, O=GlobalSign nv-sa, C=BE

Serial number: xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx

Valid from: Thu Oct 10 11:52:13 BRT 2013 until: Sat Oct 11 11:52:13 BRT 2014

Certificate fingerprints:

  MD5:  2C:8F:1A:77:6A:BB:B7:EA:3F:9B:0A:A2:1B:45:97:82

  SHA1: AB:45:A3:62:B9:82:4D:4F:38:C4:17:5C:EC:66:2A:96:A8:2C:08:CB

*******************************************

*******************************************

Locked on Oct 30 2015
Added on Oct 2 2015
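Added example, not part of the original post: keytool treats an imported certificate as a certificate reply ("Certificate reply was installed in keystore") only when the target alias already holds the private key the CSR was generated from; under an alias with no private key the same file becomes a trustedCertEntry ("Certificate was added to keystore"). The throwaway CA, the DNs, file names and password are constructed placeholders, and current JDKs print `PrivateKeyEntry` where the listings above show `keyEntry`.

```shell
#!/bin/sh
# Added demo: every name, DN and password below is a constructed placeholder.
PW=changeit
kt() { keytool -J-Duser.language=en "$@"; }   # force English labels/messages

# Print the "Entry type" keytool reports for one alias ($1 = keystore, $2 = alias).
entry_type() {
  kt -list -v -alias "$2" -keystore "$1" -storepass "$PW" |
    sed -n 's/^Entry type: //p'
}

demo_entry_types() {
  d=$(mktemp -d) || return 1
  # orig.jks: key pair generated here, so alias "help" holds the private key.
  kt -genkeypair -alias help -keyalg RSA -keysize 2048 -validity 30 \
     -dname "CN=server.example" -keystore "$d/orig.jks" \
     -storepass "$PW" -keypass "$PW" >/dev/null 2>&1 || return 1
  # ca.jks: throwaway CA standing in for the real issuer.
  kt -genkeypair -alias ca -keyalg RSA -keysize 2048 -validity 30 \
     -dname "CN=Demo CA" -ext bc=ca:true -keystore "$d/ca.jks" \
     -storepass "$PW" -keypass "$PW" >/dev/null 2>&1 || return 1
  kt -exportcert -alias ca -rfc -file "$d/ca.crt" \
     -keystore "$d/ca.jks" -storepass "$PW" >/dev/null 2>&1 || return 1
  # CSR from the private key; the CA-signed help.crt is the certificate reply.
  kt -certreq -alias help -file "$d/help.csr" \
     -keystore "$d/orig.jks" -storepass "$PW" >/dev/null 2>&1 || return 1
  kt -gencert -alias ca -infile "$d/help.csr" -outfile "$d/help.crt" -rfc \
     -keystore "$d/ca.jks" -storepass "$PW" >/dev/null 2>&1 || return 1

  # Case A: alias has no private key in this keystore -> plain trusted cert.
  a=$(kt -importcert -noprompt -alias help -file "$d/help.crt" \
        -keystore "$d/new.jks" -storepass "$PW" 2>&1 | grep '^Certificate ')
  # Case B: issuer first, then the reply onto the alias that holds the key.
  kt -importcert -noprompt -alias root -file "$d/ca.crt" \
     -keystore "$d/orig.jks" -storepass "$PW" >/dev/null 2>&1 || return 1
  b=$(kt -importcert -noprompt -alias help -file "$d/help.crt" \
        -keystore "$d/orig.jks" -storepass "$PW" 2>&1 | grep '^Certificate ')

  echo "new.jks:  $a -> $(entry_type "$d/new.jks" help)"
  echo "orig.jks: $b -> $(entry_type "$d/orig.jks" help)"
  rm -rf "$d"
}

if command -v keytool >/dev/null 2>&1; then demo_entry_types
else echo "keytool not found (a JDK is required)"; fi
```

The practical check before importing a renewed certificate is `keytool -list -v -alias <alias>` on the target keystore: the alias must already show a private-key entry, otherwise the import cannot be a reply.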