Logo Questions Linux Laravel Mysql Ubuntu Git Menu
HTML CSS JAVASCRIPT SQL PYTHON PHP BOOTSTRAP JAVA JQUERY R React Kotlin
 

Extending expiration date of trustedCertEntry within a keystore

Tags:

java

certificate

keystore

private-key

truststore

Using keytool, I am trying to extend the expiration date of a trustedCertEntry within a keystore that I have. The keystore has the contents below

$ keytool -list -keystore certs/authTruststore.jks
Enter keystore password:

Keystore type: JKS
Keystore provider: SUN

Your keystore contains 3 entries

sts, Nov 11, 2013, trustedCertEntry,
Certificate fingerprint (SHA1): 8D:33:B7:69:DE:75:8F:22:E2:95:2C:EB:93:65:41:31:42:A6:E3:A7
__
localhost, Nov 11, 2013, PrivateKeyEntry,
Certificate fingerprint (SHA1): F4:A9:84:1E:7F:BF:5D:71:58:74:E4:C6:00:49:37:49:38:3E:31:BE
__    
security_localhost, Nov 11, 2013, trustedCertEntry,
Certificate fingerprint (SHA1): 6B:F8:E1:36:EB:36:D4:A5:6E:A0:5C:7A:E4:B9:A4:5B:63:BF:97:5D

I can successfully modify the expiration date of the second entry, localhost of type PrivateKeyEntry but when attempting to modify the expirations of the other two with the same command I get the following error:

$ keytool -selfcert -v -alias security_localhost -validity 3650 -keystore certs/authTruststore.jks -storepass ****

keytool error: java.lang.Exception: Alias <localhost> has no key
java.lang.Exception: Alias <localhost> has no key
    at sun.security.tools.KeyTool.recoverKey(KeyTool.java:3095)
    at sun.security.tools.KeyTool.doSelfCert(KeyTool.java:2442)
    at sun.security.tools.KeyTool.doCommands(KeyTool.java:1071)
    at sun.security.tools.KeyTool.run(KeyTool.java:340)
    at sun.security.tools.KeyTool.main(KeyTool.java:333)

How can I go about extending these expiration dates?

like image 669
McLovin Avatar asked Nov 01 '22 14:11

McLovin

1 Answers

Take a look at this link. It says,

Generates an X.509 v1 self-signed certificate, using keystore information including
the private key and public key associated with alias

So you can update a certificate using -selfcert that are associated with a key. Your first and third are trusted certificate entries, where as your second entry is a PrivateKeyEntry. The certificate for this entry is associated with its PrivateKey. Where as the other 2 are not.

If those 2 certificates are expired you can only update them with the latest in the same way you added them to the keystore in the first place. By doing -importcert.

Note: -selfcert is now obsolete. You can read more about it here.

like image 143
always_a_rookie Avatar answered Nov 09 '22 07:11

always_a_rookie
Sign in to Comment

Related questions

Anything for deciding default paper size based on locale?
Wrapping InputStream to non blocking ReadableByteChannel
Accessing Java default methods in a subinterface or implementation class
Values not Displaying for Expression Language
Unit Test using the DomainClassConverter feature of Spring
Returning a casted object based on input Enum value
Can I delete the old folders after updating JDK
JPA Criteria Query with predicate that compares a field annotated @Convert gets a ORA-00932 upon execution
Eclipse console link, duplicate filenames in package structure, which is opened?
Can I reload stylesheets in JavaFX 8 without a JVM restart?
Netbeans ant build error 'unsupported element customize'
Why does Eclipse let me compile some Java 7 language features into Java 6 class files?
Keeping the session Open in JUnit/JPA/Hibernate/Struts and Spring integration test - No Session or session closed - LazyInitialization Exception
Weka always producing same clusters for different data
Wildfly8/jBoss wraps Logback logs (Double prefix)
How to attach VisualVM and start profiling immediatedly with application start?
How can I define a task named with a hyphen?
Spring, JavaConfig, BeanDefinition and empty getBeanClassName
Spring Batch Transaction Exception:Existing transaction detected in JobRepository
FileNotFoundException running JBehave (Maven Project, IntelliJ)

Donate For Us

If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!