Android signing error: trusted certificate entries are not password-protected

Question

Got a certificate to sign the android unsigned release apk files, So I imported the cer using command:

keytool -import -alias alias_name -file cer_name.cer -storepass changeit  -keystore my_keystore.keystore

But when signing the app with android studio it produces error:

Error:Execution failed for task ':packageDebug'.
> com.android.ide.common.signing.KeytoolException: Failed to read key alias_name from store "C:\Users\username\my_keystore.keystore": trusted certificate entries are not password-protected

My deductions said that because the keys are not password protected so i tried again and set the password for keys using:

keytool -import -alias alias_name -file cer_name.cer -storepass changeit -keypass changeit -keystore my_keystore.keystore

But still the error persist.

I also tried with manual procedure with jarsigner:

jarsigner -verbose -sigalg SHA1withRSA -digestalg SHA1 -keystore my_keystore.keystore unsigned-release.apk alias_name

Got error:

jarsigner: Certificate chain not found for: alias_name.  alias_name must reference a valid KeyStore key entry containing a private key and corresponding public key certificate chain.

Please help I am unable to get relevant post on this error for Android apk signings

Answer 1

*.cer files usually only contain certificates, not the private key needed to sign an APK.

List the content of the keystore :

keytool -list -v -keystore my_keystore.keystore

And look for the Entry type: line (for the corresponding alias). The value must be PrivateKeyEntry, not trustedCertEntry

Answer 2

I highly recommend getting Keystore Explorer. This program saved my life more than once when I was having some keystore and cert issues. It's free and open source, and an easy to navigate GUI. It can make new keypairs and import existing key pairs into your keystore. I started using it about 3 years ago and it is still in my folder for dev tools.