Android signing error: trusted certificate entries are not password-protected
Solution 1
*.cer files usually only contain certificates, not the private key needed to sign an APK.
List the content of the keystore :
keytool -list -v -keystore my_keystore.keystore
And look for the Entry type:
line (for the corresponding alias). The value must be PrivateKeyEntry
, not trustedCertEntry
Solution 2
I highly recommend getting Keystore Explorer. This program saved my life more than once when I was having some keystore and cert issues. It's free and open source, and an easy to navigate GUI. It can make new keypairs and import existing key pairs into your keystore. I started using it about 3 years ago and it is still in my folder for dev tools.
Related videos on Youtube
Sanjay Singh
3 yrs and counting as Java Developer, love to work in Groovy and Angular as well.
Updated on June 05, 2022Comments
-
Sanjay Singh about 2 years
Got a certificate to sign the android unsigned release apk files, So I imported the cer using command:
keytool -import -alias alias_name -file cer_name.cer -storepass changeit -keystore my_keystore.keystore
But when signing the app with android studio it produces error:
Error:Execution failed for task ':packageDebug'. > com.android.ide.common.signing.KeytoolException: Failed to read key alias_name from store "C:\Users\username\my_keystore.keystore": trusted certificate entries are not password-protected
My deductions said that because the keys are not password protected so i tried again and set the password for keys using:
keytool -import -alias alias_name -file cer_name.cer -storepass changeit -keypass changeit -keystore my_keystore.keystore
But still the error persist.
I also tried with manual procedure with jarsigner:
jarsigner -verbose -sigalg SHA1withRSA -digestalg SHA1 -keystore my_keystore.keystore unsigned-release.apk alias_name
Got error:
jarsigner: Certificate chain not found for: alias_name. alias_name must reference a valid KeyStore key entry containing a private key and corresponding public key certificate chain.
Please help I am unable to get relevant post on this error for Android apk signings
-
Bassinator about 6 yearsI am stuck on this as well. I'm a little frustrated that none of the people on the internet with the same problem have stated their solutions, so I'm starting a bounty.
-
Fabricio almost 6 yearsI'm having the same issue. I opened a request at Google to reset my key, but they just changed the upload key on their side and I still don't have the private key to sign the apk. It is a shame how this process is badly documented...
-
-
Bassinator about 6 yearsOkay - this explains the problem, but not the solution.
-
bwt about 6 yearsYou need a file containing the private key, for example a pkcs12 (usually *.p12) which you can import in the keystore
-
bwt about 6 yearsBy the way the key is usually not imported but generated from scratch because Android does not care about a real certificate (with a valid certificate chain), it only use the private key
-
ogarzonm about 4 yearsGreat your save my life.
-
Timothy Winters about 4 years@ogarzonm Glad I could help
-
Bhavin Patel over 3 yearsI converted google der into jks but because of
trustedCertEntry
its throwing error Cause: trusted certificate entries are not password-protected