Jarsigner: certificate chain not found for


Solution 1

It seems that your keystore contains only a certificate (public key). You need a complete key entry, with a private key and the whole certificate chain, to be able to sign anything.

Solution 2

I faced the same issue. I have a .p12 file issued by a CA and I was trying to sign a jar file. However, I was getting this error:

jarsigner: Certificate chain not found for:

Basically, I was copying the alias name from the console. It had a wrong character, a question mark (?), which caused this error. Instead, I redirected the output of keytool to a text file and then copied the alias name from there.

  1. Issue this command:

    keytool -list -v -storetype pkcs12 -keystore "mycertificate.p12" > cert.txt

(This is very important. Always redirect to a text file. Do not copy from the console output; it can contain wrong characters.)

  2. Find the alias name in the certificate. Open cert.txt and copy the string exactly as it appears after "Alias name:".

Let's say this string is "my alias name, a.p.’s my ca limited id"

  3. Use jarsigner:

    jarsigner -storetype pkcs12 -keystore "mycertificate.p12" myjarfile.jar "my alias name, a.p.’s my ca limited id"

Solution 3

Short Answer

Use your alias key instead of key store like this:

    jarsigner -verbose -keystore [Your signature storage path] -signedjar [signed filename] [unsigned filename] [Your alias key]

More Details

Here is the easiest way to solve this error:

  1. Go to the bin folder. It may be at this path:

C:\Users\[Your computer name]\jdk\bin

or this path:

C:\Program Files\Java\jre1.8.0_77\bin

  2. To prevent issues caused by the configuration of environment variables, please copy both the empty package to be signed and your key store [the private key for signature] to the bin directory under the JDK.

  3. Get your alias key by running this command:

    keytool -keystore [your key store] -list -v

  4. Finally, run this command:

    jarsigner -verbose -keystore [Your signature storage path] -signedjar [signed filename] [unsigned filename] [Your alias key]

Solution 4

I had this error, but it was a different issue. When you send off a CSR to a CA it comes from a particular private key with a particular alias that you generated. When you receive the cert back again you must import it using the same alias name or else the two certs will not be wired together.

If you have done it right, when you use keytool -list -v you will see a single entry with the alias name, of type

    Entry type: PrivateKeyEntry
    Certificate chain length: 3

for the entry. If you have done it wrong then you will have two entries

    Entry type: PrivateKeyEntry
    Certificate chain length: 1

and

    Entry type: trustedCertEntry
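
The checks described in Solutions 1, 2 and 4 can be run over saved `keytool -list -v` output in one pass. The script below is an added example, not code from any of the answers; the sample keystore listing and the function names `parse_entries` and `diagnose` are constructed for illustration.

```python
import re
import sys

# Constructed sample of `keytool -list -v` output (trimmed; not a real keystore).
SAMPLE = """\
Alias name: signing-key
Entry type: PrivateKeyEntry
Certificate chain length: 3

Alias name: mylyn-mantis
Entry type: trustedCertEntry

Alias name: csr-key
Entry type: PrivateKeyEntry
Certificate chain length: 1

Alias name: a.p.\u2019s my ca limited id
Entry type: PrivateKeyEntry
Certificate chain length: 2
"""

FIELD = re.compile(r"^(Alias name|Entry type|Certificate chain length):\s*(.*)$")

def parse_entries(text):
    """Return one dict per keystore entry: alias, entry type, chain length."""
    entries = []
    for line in text.splitlines():
        m = FIELD.match(line.strip())
        if not m:
            continue
        key, value = m.group(1), m.group(2).strip()
        if key == "Alias name":
            entries.append({"alias": value, "type": None, "chain": 0})
        elif entries and key == "Entry type":
            entries[-1]["type"] = value
        elif entries and key == "Certificate chain length" and value.isdigit():
            entries[-1]["chain"] = int(value)
    return entries

def diagnose(entry):
    """List the reasons signing with this alias may fail or use the wrong chain."""
    notes = []
    if entry["type"] != "PrivateKeyEntry":
        notes.append("no private key: cannot sign with this entry")
    elif entry["chain"] <= 1:
        notes.append("short chain: self-signed, or CA reply imported under another alias")
    if not entry["alias"].isascii():
        notes.append("non-ASCII alias: copy it from a file, not the console")
    return notes

if __name__ == "__main__":
    # Pass the redirected keytool output (e.g. cert.txt) as the first argument.
    text = open(sys.argv[1], encoding="utf-8", errors="replace").read() if len(sys.argv) > 1 else SAMPLE
    for e in parse_entries(text):
        print(f"{e['alias']!r}: {'; '.join(diagnose(e)) or 'usable for signing'}")
```
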
Author by

Robert Munteanu


Updated on January 23, 2021

Comments

  • Robert Munteanu over 3 years

    I have imported a certificate into a private ~/.keystore file:

    keytool -list
    Enter keystore password:
    
    Keystore type: JKS
    Keystore provider: SUN
    
    Your keystore contains 1 entry
    
    mylyn-mantis, Jul 15, 2010, trustedCertEntry
    

    and am trying to sign a jar with it, but I get a 'certificate chain not found' error.

    jarsigner -verbose  /home/robert/file.jar mylyn-mantis
    jarsigner: Certificate chain not found for: mylyn-mantis.  mylyn-mantis must reference a valid KeyStore key entry containing a private key and corresponding public key certificate chain.
    

    How can I solve this problem?