Extending expiration date of trustedCertEntry within a keystore
Take a look at this link. It says,
Generates an X.509 v1 self-signed certificate, using keystore information including
the private key and public key associated with alias
So you can update a certificate using -selfcert that are associated with a key. Your first
and third
are trusted certificate entries, where as your second
entry is a PrivateKeyEntry. The certificate for this entry is associated with its PrivateKey
. Where as the other 2 are not.
If those 2 certificates are expired you can only update them with the latest in the same way you added them to the keystore in the first place. By doing -importcert.
Note: -selfcert
is now obsolete. You can read more about it here.
Related videos on Youtube
McLovin
Updated on September 14, 2022Comments
-
McLovin over 1 year
Using keytool, I am trying to extend the expiration date of a trustedCertEntry within a keystore that I have. The keystore has the contents below
$ keytool -list -keystore certs/authTruststore.jks Enter keystore password: Keystore type: JKS Keystore provider: SUN Your keystore contains 3 entries sts, Nov 11, 2013, trustedCertEntry, Certificate fingerprint (SHA1): 8D:33:B7:69:DE:75:8F:22:E2:95:2C:EB:93:65:41:31:42:A6:E3:A7 __ localhost, Nov 11, 2013, PrivateKeyEntry, Certificate fingerprint (SHA1): F4:A9:84:1E:7F:BF:5D:71:58:74:E4:C6:00:49:37:49:38:3E:31:BE __ security_localhost, Nov 11, 2013, trustedCertEntry, Certificate fingerprint (SHA1): 6B:F8:E1:36:EB:36:D4:A5:6E:A0:5C:7A:E4:B9:A4:5B:63:BF:97:5D
I can successfully modify the expiration date of the second entry, localhost of type PrivateKeyEntry but when attempting to modify the expirations of the other two with the same command I get the following error:
$ keytool -selfcert -v -alias security_localhost -validity 3650 -keystore certs/authTruststore.jks -storepass **** keytool error: java.lang.Exception: Alias <localhost> has no key java.lang.Exception: Alias <localhost> has no key at sun.security.tools.KeyTool.recoverKey(KeyTool.java:3095) at sun.security.tools.KeyTool.doSelfCert(KeyTool.java:2442) at sun.security.tools.KeyTool.doCommands(KeyTool.java:1071) at sun.security.tools.KeyTool.run(KeyTool.java:340) at sun.security.tools.KeyTool.main(KeyTool.java:333)
How can I go about extending these expiration dates?
-
Emile ASTIH over 3 yearsCan you please post the command you used to extend the validity of the certificate of type "trustedCertEntry" ? Or can you post the steps needed to do so ?
-
always_a_rookie over 3 yearskeytool -importcert -keystore YOUR_KEYSTORE -storepass PASSWORD -alias ALIAS -file NEW_CERT_FILE