 

Keytool keeps giving SHA256 sigalg instead of requested alg

I am using Keytool in Java to generate a keystore/CSR to submit to a certificate authority.

My CA only supports MD5withRSA and SHA1withRSA.

Every time I use keytool to create the keystore and export the CSR, I am getting a SHA256withRSA signature algorithm.

I've tried manually setting the -sigalg, but it keeps going to SHA256 every time, whether I try to set it to MD5 or SHA1.

Can someone advise me on what I'm doing wrong?

keytool -genkey -alias server -keyalg RSA -sigalg SHA1withRSA -keysize 2048 -keystore www_mydomain_com.jks -dname "CN=www.mydomain.com,OU=it, O=mycompany, L=thecity, ST=thestate, C=US" && keytool -certreq -alias server -file www_mydomain_com.csr -keystore www_mydomain_com.jks

keytool -genkey -alias server -keyalg RSA -sigalg MD5withRSA -keysize 2048 -keystore www_mydomain_com.jks -dname "CN=www.mydomain.com,OU=it, O=mycompany, L=thecity, ST=thestate, C=US" && keytool -certreq -alias server -file www_mydomain_com.csr -keystore www_mydomain_com.jks

Both commands create a CSR that shows SHA256withRSA.

Moylin asked Jan 04 '13 19:01




2 Answers

You should add the -sigalg SHA1WithRSA parameter to the second keytool call, where the CSR is actually generated.

Nickolay Olshevsky answered Sep 17 '22 05:09
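
A way to confirm which algorithm actually signed a CSR before it goes to the CA, as an added example that is not part of the original answers: it reads the signatureAlgorithm field directly from the PKCS #10 structure. The `constructed_csr` helper and its dummy request body are made up for the demonstration; for a real request, pass the bytes of the `.csr` file written by `keytool -certreq`.

```python
import base64

# PKCS #1 signature OIDs mapped to the algorithm names keytool uses.
SIGALG_OIDS = {
    "1.2.840.113549.1.1.4": "MD5withRSA",
    "1.2.840.113549.1.1.5": "SHA1withRSA",
    "1.2.840.113549.1.1.11": "SHA256withRSA",
}

def read_tlv(buf, pos):
    """Return (tag, value_start, value_end) of the DER element at pos."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:                      # long form: low 7 bits = byte count
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    if pos + length > len(buf):
        raise ValueError("truncated DER element")
    return tag, pos, pos + length

def decode_oid(body):
    """Decode DER OBJECT IDENTIFIER content bytes to dotted form."""
    arcs, value = [body[0] // 40, body[0] % 40], 0
    for b in body[1:]:
        value = (value << 7) | (b & 0x7F)
        if not b & 0x80:                   # high bit clear ends this arc
            arcs.append(value)
            value = 0
    return ".".join(map(str, arcs))

def csr_sigalg(data):
    """Return the signature algorithm of a PKCS #10 CSR (PEM or DER bytes)."""
    if data.lstrip().startswith(b"-----BEGIN"):
        # Drop the BEGIN/END lines and decode the base64 body.
        data = base64.b64decode(b"".join(data.strip().splitlines()[1:-1]))
    tag, start, _ = read_tlv(data, 0)               # CertificationRequest
    if tag != 0x30:
        raise ValueError("not a DER SEQUENCE")
    _, _, info_end = read_tlv(data, start)          # skip certificationRequestInfo
    _, alg_start, _ = read_tlv(data, info_end)      # signatureAlgorithm
    tag, oid_start, oid_end = read_tlv(data, alg_start)
    if tag != 0x06:
        raise ValueError("expected OBJECT IDENTIFIER")
    oid = decode_oid(data[oid_start:oid_end])
    return SIGALG_OIDS.get(oid, oid)                # unknown OIDs come back dotted

def constructed_csr(last):
    """Constructed sample: CSR-shaped DER with a dummy body and signature."""
    alg = b"\x30\x0d" + bytes.fromhex("06092a864886f70d0101") + bytes([last]) + b"\x05\x00"
    body = b"\x30\x03\x02\x01\x00" + alg + b"\x03\x02\x00\xff"
    return bytes([0x30, len(body)]) + body
```
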


$ keytool -genkey -alias selfsignedcert -keyalg RSA -sigalg SHA1withRSA -keypass privatepassword -keystore identity.jks -storepass password -validity 365

user3123372 answered Sep 20 '22 05:09