What causes keytool error “Failed to decrypt safe contents entry”?
Sometimes this error is symptomatic of using an incorrect password for the p12 key.
Ok, so here was my process:
    keytool -list -v -keystore permanent.jks
– got me the alias.
    keytool -export -alias alias_name -file certificate_name -keystore permanent.jks
– got me the certificate to import. Then I could import it with the keytool:
    keytool -import -alias alias_name -file certificate_name -keystore keystore location
As @Christian Bongiorno says the alias can’t …
keytool comes with the JDK installation (in the bin folder):
    keytool -importcert -file "your.cer" -keystore your.jks -alias "<anything>"
This will create a new keystore and add just your certificate to it. So, you can’t convert a certificate to a keystore: you add a certificate to a keystore.
Convert a JKS file to PKCS12 format (Java 1.6.x and above)
    keytool \
      -importkeystore \
      -srckeystore KEYSTORE.jks \
      -destkeystore KEYSTORE.p12 \
      -srcstoretype JKS \
      -deststoretype PKCS12 \
      -srcstorepass mysecret \
      -deststorepass mysecret \
      -srcalias myalias \
      -destalias myalias \
      -srckeypass mykeypass \
      -destkeypass mykeypass \
      -noprompt
from A few frequently used SSL commands
Those file names represent different parts of the key generation and verification process. Please note that the names are just convention, you could just as easily call the files pepperoni.pizza and the content will be the same, so do be conscious of how you use the filenames. A brief primer on PKI – Keys come …
If using Tomcat 6 and earlier, make sure the keystore password and the key password are the same. If using Tomcat 7 and later, make sure they are the same or that the key password is specified in the server.xml file.
I used the following two steps which I found in the comments/posts linked in the other answers:
Step one: Convert the x.509 cert and key to a pkcs12 file
    openssl pkcs12 -export -in server.crt -inkey server.key \
      -out server.p12 -name [some-alias] \
      -CAfile ca.crt -caname root
Note: Make sure you put a password on the …
Ultimately, .keystore and .jks are just file extensions: it’s up to you to name your files sensibly. Some applications use a keystore file stored in $HOME/.keystore: it’s usually implied that it’s a JKS file, since JKS is the default keystore type in the Sun/Oracle Java security provider. Not everyone uses the .jks extension for JKS …