OpenSSL/Keytool Unable to find/load
I am reasonably unfamiliar with certificates, espeacially as they are used in XAMPP and Java.
I have managed to take a publicly signed wildcard PEM file (*.companyname.eu) and get it loaded into XAMPP. I'm using the wildcard as the CRT and a locally generated private key as the .key file.
Now, I need to load these certificates into Java. What I find online is to convert the CRT and KEY files into a P12 format using openssl:
openssl pkcs12 -export -in server.crt -inkey server.key -out serverp12.p12
This results in "unable to load certificates", even though I've ensured these files are in the openssl/bin folder with the openssl application. I was able to get a PFX from using the -nokeys parameter, only converting the public certificate from GlobalSign without adding the private key.
Ultimately, I want to import these certificates into Java, and when I try Keytool with some other formats, I have similar results. I tried to import to a new keystore with only the PFX file from before.
C:Program FilesJavajre1.8.0_191bin>keytool -importkeystore -srckeystore serverp12.pfx -srcstoretype pfx -destkeystore serverp12.jks -deststoretype jks
Importing keystore serverp12.pfx to serverp12.jks...
Enter destination keystore password:
Re-enter new password:
keytool error: java.security.KeyStoreException: PFX not found
1st Question: do I require a private key in Java for my server to use SSL publicly? Is a "legit" wildcard certificate good enough?
2d Question: Can anyone point me to a good (dummy's) explanation of what keys are needed for which application? I've converted my PEM file into 45 different filenames and formats in the past week. Its all a blur to me, and I'm curious if anyone else has pioneered their way through this with some good advice.
java ssl certificate openssl
edited Jan 16 at 13:49
Romeo Ninov
1,78921014
asked Jan 16 at 13:13
user985915user985915
61
add a comment |
I am reasonably unfamiliar with certificates, espeacially as they are used in XAMPP and Java.
I have managed to take a publicly signed wildcard PEM file (*.companyname.eu) and get it loaded into XAMPP. I'm using the wildcard as the CRT and a locally generated private key as the .key file.
Now, I need to load these certificates into Java. What I find online is to convert the CRT and KEY files into a P12 format using openssl:
openssl pkcs12 -export -in server.crt -inkey server.key -out serverp12.p12
This results in "unable to load certificates", even though I've ensured these files are in the openssl/bin folder with the openssl application. I was able to get a PFX from using the -nokeys parameter, only converting the public certificate from GlobalSign without adding the private key.
Ultimately, I want to import these certificates into Java, and when I try Keytool with some other formats, I have similar results. I tried to import to a new keystore with only the PFX file from before.
C:Program FilesJavajre1.8.0_191bin>keytool -importkeystore -srckeystore serverp12.pfx -srcstoretype pfx -destkeystore serverp12.jks -deststoretype jks
Importing keystore serverp12.pfx to serverp12.jks...
Enter destination keystore password:
Re-enter new password:
keytool error: java.security.KeyStoreException: PFX not found
1st Question: do I require a private key in Java for my server to use SSL publicly? Is a "legit" wildcard certificate good enough?
2d Question: Can anyone point me to a good (dummy's) explanation of what keys are needed for which application? I've converted my PEM file into 45 different filenames and formats in the past week. Its all a blur to me, and I'm curious if anyone else has pioneered their way through this with some good advice.
java ssl certificate openssl
edited Jan 16 at 13:49
Romeo Ninov
1,78921014
asked Jan 16 at 13:13
user985915user985915
61
add a comment |
I am reasonably unfamiliar with certificates, espeacially as they are used in XAMPP and Java.
I have managed to take a publicly signed wildcard PEM file (*.companyname.eu) and get it loaded into XAMPP. I'm using the wildcard as the CRT and a locally generated private key as the .key file.
Now, I need to load these certificates into Java. What I find online is to convert the CRT and KEY files into a P12 format using openssl:
openssl pkcs12 -export -in server.crt -inkey server.key -out serverp12.p12
This results in "unable to load certificates", even though I've ensured these files are in the openssl/bin folder with the openssl application. I was able to get a PFX from using the -nokeys parameter, only converting the public certificate from GlobalSign without adding the private key.
Ultimately, I want to import these certificates into Java, and when I try Keytool with some other formats, I have similar results. I tried to import to a new keystore with only the PFX file from before.
C:Program FilesJavajre1.8.0_191bin>keytool -importkeystore -srckeystore serverp12.pfx -srcstoretype pfx -destkeystore serverp12.jks -deststoretype jks
Importing keystore serverp12.pfx to serverp12.jks...
Enter destination keystore password:
Re-enter new password:
keytool error: java.security.KeyStoreException: PFX not found
1st Question: do I require a private key in Java for my server to use SSL publicly? Is a "legit" wildcard certificate good enough?
2d Question: Can anyone point me to a good (dummy's) explanation of what keys are needed for which application? I've converted my PEM file into 45 different filenames and formats in the past week. Its all a blur to me, and I'm curious if anyone else has pioneered their way through this with some good advice.
java ssl certificate openssl
edited Jan 16 at 13:49
Romeo Ninov
1,78921014
asked Jan 16 at 13:13
user985915user985915
61
I am reasonably unfamiliar with certificates, espeacially as they are used in XAMPP and Java.
I have managed to take a publicly signed wildcard PEM file (*.companyname.eu) and get it loaded into XAMPP. I'm using the wildcard as the CRT and a locally generated private key as the .key file.
Now, I need to load these certificates into Java. What I find online is to convert the CRT and KEY files into a P12 format using openssl:
openssl pkcs12 -export -in server.crt -inkey server.key -out serverp12.p12
This results in "unable to load certificates", even though I've ensured these files are in the openssl/bin folder with the openssl application. I was able to get a PFX from using the -nokeys parameter, only converting the public certificate from GlobalSign without adding the private key.
Ultimately, I want to import these certificates into Java, and when I try Keytool with some other formats, I have similar results. I tried to import to a new keystore with only the PFX file from before.
C:Program FilesJavajre1.8.0_191bin>keytool -importkeystore -srckeystore serverp12.pfx -srcstoretype pfx -destkeystore serverp12.jks -deststoretype jks
Importing keystore serverp12.pfx to serverp12.jks...
Enter destination keystore password:
Re-enter new password:
keytool error: java.security.KeyStoreException: PFX not found
1st Question: do I require a private key in Java for my server to use SSL publicly? Is a "legit" wildcard certificate good enough?
2d Question: Can anyone point me to a good (dummy's) explanation of what keys are needed for which application? I've converted my PEM file into 45 different filenames and formats in the past week. Its all a blur to me, and I'm curious if anyone else has pioneered their way through this with some good advice.
java ssl certificate openssl
java ssl certificate openssl
edited Jan 16 at 13:49
Romeo Ninov
1,78921014
asked Jan 16 at 13:13
user985915user985915
61
edited Jan 16 at 13:49
Romeo Ninov
1,78921014
asked Jan 16 at 13:13
user985915user985915
61
edited Jan 16 at 13:49
Romeo Ninov
1,78921014
edited Jan 16 at 13:49
Romeo Ninov
1,78921014
edited Jan 16 at 13:49
Romeo Ninov
1,78921014
1,78921014
asked Jan 16 at 13:13
user985915user985915
61
asked Jan 16 at 13:13
user985915user985915
61
asked Jan 16 at 13:13
user985915user985915
61
61
add a comment |
add a comment |
0
active
oldest
votes
Your Answer
StackExchange.ready(function() {
var channelOptions = {
tags: "".split(" "),
id: "3"
};
initTagRenderer("".split(" "), "".split(" "), channelOptions);
StackExchange.using("externalEditor", function() {
// Have to fire editor after snippets, if snippets enabled
if (StackExchange.settings.snippets.snippetsEnabled) {
StackExchange.using("snippets", function() {
createEditor();
});
}
else {
createEditor();
}
});
function createEditor() {
StackExchange.prepareEditor({
heartbeatType: 'answer',
autoActivateHeartbeat: false,
convertImagesToLinks: true,
noModals: true,
showLowRepImageUploadWarning: true,
reputationToPostImages: 10,
bindNavPrevention: true,
postfix: "",
imageUploader: {
brandingHtml: "Powered by u003ca class="icon-imgur-white" href="https://imgur.com/"u003eu003c/au003e",
contentPolicyHtml: "User contributions licensed under u003ca href="https://creativecommons.org/licenses/by-sa/3.0/"u003ecc by-sa 3.0 with attribution requiredu003c/au003e u003ca href="https://stackoverflow.com/legal/content-policy"u003e(content policy)u003c/au003e",
allowUrls: true
},
onDemand: true,
discardSelector: ".discard-answer"
,immediatelyShowMarkdownHelp:true
});
}
});
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
StackExchange.ready(
function () {
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fsuperuser.com%2fquestions%2f1394944%2fopenssl-keytool-unable-to-find-load%23new-answer', 'question_page');
}
);
Post as a guest
Required, but never shown
0
active
oldest
votes
0
active
oldest
votes
active
oldest
votes
active
oldest
votes
Thanks for contributing an answer to Super User!
- Please be sure to answer the question. Provide details and share your research!
But avoid …
- Asking for help, clarification, or responding to other answers.
- Making statements based on opinion; back them up with references or personal experience.
To learn more, see our tips on writing great answers.
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
StackExchange.ready(
function () {
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fsuperuser.com%2fquestions%2f1394944%2fopenssl-keytool-unable-to-find-load%23new-answer', 'question_page');
}
);
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
