Cannot import certificate into java control panel
keytool -certreq
creates certificate request also known as PKCS#10, which should be provided to Certificate Authority to get a real certificate. Then you upload it to the tool, which expects certificate.
From these lines in the stacktrace
at java.security.KeyStore.load(Unknown Source)
at com.sun.deploy.panel.CertificatesDialog.importPKCS12Certificate(Unknown Source)
I can tell that UI actually expects keystore in PKCS#12 format with certificate inside, not just a separate certificate.
This is how you can generate a keystore with self-signed certificate with a keytool
keytool -genkey -keyalg RSA -alias selfsigned -keystore keystore.jks \
-storepass password -validity 360 -keysize 2048
However, this will create keystore in JKS format and that have to be converted to PKCS#12 format with a command
keytool -importkeystore -srckeystore keystore.jks -srcstoretype JKS \
-deststoretype PKCS12 -destkeystore keystore.p12
or alternatively keystore can be created in PKCS#12 format with specifying -storetype
keytool -genkey -keyalg RSA -alias selfsigned -keystore keystore.p12 \
-storetype pkcs12 -storepass password -validity 360 -keysize 2048
Note that the keystore contains self-singed certificate together with the corresponding private key.
Related videos on Youtube
Raymond Holguin
Updated on September 15, 2022Comments
-
Raymond Holguin over 1 year
I am trying to import a self-signed certificate into the trusted certificates in the java control panel. it is under the security tab-> Manage Certificates. No matter how simple the password is i set on the keystore, the import program always tells me my password is invalid after i type it in. I have also tried changing the certificate type but no luck..li tried all of them. Here are the simple steps i used to create my files
keytool -genkey -keyalg RSA -keysize 2048 -keystore test_keystore.jks -alias test
Then I generate my CSR file which the java control panel takes as an input
keytool -certreq -alias test -keystore test_keystore.jks -file test_certificate_request.csr
Since this is just a test, the passwords I am setting are super simple so its not an issue of using the wrong password or typing it incorrectly. Yet every time i import the test_certificate_request.csr file i created it it tells me invalid password.
In case it matters, here is the full strack trace generated from the import program when i click on the "more information" button.
java.io.IOException: toDerInputStream rejects tag type 45 at sun.security.util.DerValue.toDerInputStream(Unknown Source) at sun.security.pkcs12.PKCS12KeyStore.engineLoad(Unknown Source) at java.security.KeyStore.load(Unknown Source) at com.sun.deploy.panel.CertificatesDialog.importPKCS12Certificate(Unknown Source) at com.sun.deploy.panel.CertificatesDialog.importButtonActionPerformed(Unknown Source) at com.sun.deploy.panel.CertificatesDialog.access$200(Unknown Source) at com.sun.deploy.panel.CertificatesDialog$4.actionPerformed(Unknown Source) at javax.swing.AbstractButton.fireActionPerformed(Unknown Source) at javax.swing.AbstractButton$Handler.actionPerformed(Unknown Source) at javax.swing.DefaultButtonModel.fireActionPerformed(Unknown Source) at javax.swing.DefaultButtonModel.setPressed(Unknown Source) at javax.swing.plaf.basic.BasicButtonListener.mouseReleased(Unknown Source) at java.awt.AWTEventMulticaster.mouseReleased(Unknown Source) at java.awt.Component.processMouseEvent(Unknown Source) at javax.swing.JComponent.processMouseEvent(Unknown Source) at java.awt.Component.processEvent(Unknown Source) at java.awt.Container.processEvent(Unknown Source) at java.awt.Component.dispatchEventImpl(Unknown Source) at java.awt.Container.dispatchEventImpl(Unknown Source) at java.awt.Component.dispatchEvent(Unknown Source) at java.awt.LightweightDispatcher.retargetMouseEvent(Unknown Source) at java.awt.LightweightDispatcher.processMouseEvent(Unknown Source) at java.awt.LightweightDispatcher.dispatchEvent(Unknown Source) at java.awt.Container.dispatchEventImpl(Unknown Source) at java.awt.Window.dispatchEventImpl(Unknown Source) at java.awt.Component.dispatchEvent(Unknown Source) at java.awt.EventQueue.dispatchEventImpl(Unknown Source) at java.awt.EventQueue.access$200(Unknown Source) at java.awt.EventQueue$3.run(Unknown Source) at java.awt.EventQueue$3.run(Unknown Source) at java.security.AccessController.doPrivileged(Native Method) at java.security.ProtectionDomain$1.doIntersectionPrivilege(Unknown Source) at java.security.ProtectionDomain$1.doIntersectionPrivilege(Unknown Source) at java.awt.EventQueue$4.run(Unknown Source) at java.awt.EventQueue$4.run(Unknown Source) at java.security.AccessController.doPrivileged(Native Method) at java.security.ProtectionDomain$1.doIntersectionPrivilege(Unknown Source) at java.awt.EventQueue.dispatchEvent(Unknown Source) at java.awt.EventDispatchThread.pumpOneEventForFilters(Unknown Source) at java.awt.EventDispatchThread.pumpEventsForFilter(Unknown Source) at java.awt.EventDispatchThread.pumpEventsForFilter(Unknown Source) at java.awt.WaitDispatchSupport$2.run(Unknown Source) at java.awt.WaitDispatchSupport$4.run(Unknown Source) at java.security.AccessController.doPrivileged(Native Method) at java.awt.WaitDispatchSupport.enter(Unknown Source) at java.awt.Dialog.show(Unknown Source) at java.awt.Component.show(Unknown Source) at java.awt.Component.setVisible(Unknown Source) at java.awt.Window.setVisible(Unknown Source) at java.awt.Dialog.setVisible(Unknown Source) at com.sun.deploy.panel.SecurityPanel.certsBtnActionPerformed(Unknown Source) at com.sun.deploy.panel.SecurityPanel.access$300(Unknown Source) at com.sun.deploy.panel.SecurityPanel$4.actionPerformed(Unknown Source) at javax.swing.AbstractButton.fireActionPerformed(Unknown Source) at javax.swing.AbstractButton$Handler.actionPerformed(Unknown Source) at javax.swing.DefaultButtonModel.fireActionPerformed(Unknown Source) at javax.swing.DefaultButtonModel.setPressed(Unknown Source) at javax.swing.plaf.basic.BasicButtonListener.mouseReleased(Unknown Source) at java.awt.AWTEventMulticaster.mouseReleased(Unknown Source) at java.awt.Component.processMouseEvent(Unknown Source) at javax.swing.JComponent.processMouseEvent(Unknown Source) at java.awt.Component.processEvent(Unknown Source) at java.awt.Container.processEvent(Unknown Source) at java.awt.Component.dispatchEventImpl(Unknown Source) at java.awt.Container.dispatchEventImpl(Unknown Source) at java.awt.Component.dispatchEvent(Unknown Source) at java.awt.LightweightDispatcher.retargetMouseEvent(Unknown Source) at java.awt.LightweightDispatcher.processMouseEvent(Unknown Source) at java.awt.LightweightDispatcher.dispatchEvent(Unknown Source) at java.awt.Container.dispatchEventImpl(Unknown Source) at java.awt.Window.dispatchEventImpl(Unknown Source) at java.awt.Component.dispatchEvent(Unknown Source) at java.awt.EventQueue.dispatchEventImpl(Unknown Source) at java.awt.EventQueue.access$200(Unknown Source) at java.awt.EventQueue$3.run(Unknown Source) at java.awt.EventQueue$3.run(Unknown Source) at java.security.AccessController.doPrivileged(Native Method) at java.security.ProtectionDomain$1.doIntersectionPrivilege(Unknown Source) at java.security.ProtectionDomain$1.doIntersectionPrivilege(Unknown Source) at java.awt.EventQueue$4.run(Unknown Source) at java.awt.EventQueue$4.run(Unknown Source) at java.security.AccessController.doPrivileged(Native Method) at java.security.ProtectionDomain$1.doIntersectionPrivilege(Unknown Source) at java.awt.EventQueue.dispatchEvent(Unknown Source) at java.awt.EventDispatchThread.pumpOneEventForFilters(Unknown Source) at java.awt.EventDispatchThread.pumpEventsForFilter(Unknown Source) at java.awt.EventDispatchThread.pumpEventsForHierarchy(Unknown Source) at java.awt.EventDispatchThread.pumpEvents(Unknown Source) at java.awt.EventDispatchThread.pumpEvents(Unknown Source) at java.awt.EventDispatchThread.run(Unknown Source)
What am i doing wrong?
-
Raymond Holguin about 10 yearsThanks worked perfectly. The input file on the import program lists both p12 and csr files as valid inputs, so its strange that only p12 files work.
-
divanov about 10 yearsThis is actually a very good question, because normally certificates have .cer or .crt extensions.