Logo Questions Linux Laravel Mysql Ubuntu Git Menu
 

openssl fails to produce a pfx with a valid alias

I am trying to generate a pfx file to use as a signing mechanism for some JAR files as per these instructions.

To create the pfx file I am using the following command

openssl pkcs12 -export -in my-cert.crt -inkey my-priv-key.key -certfile my-ca-bundle -out my-pfx.pfx

This command successfully generates me a pfx file, however, when I try to find the alias using the following command

keytool -list -storetype pkcs12 -keystore my-pfx.pfx -v | grep Alias

I get the following response

Alias name: 2

According to the note linked above (and other research I have done) the Alias returned should look something like this

le-d491f28f-ee7b-40e2-b1a7-2b7c3a71979a

If I try to use the Alias value I am getting (e.g. 2) using the following command

jarsigner -keystore my-pfx.pfx -storetype PKCS12 jacob.jar 2

which results in the following error message

jarsigner: Certificate chain not found for: 2.  2 must reference a valid KeyStore key entry containing a private key and corresponding public key certificate chain.

I am totally stumped as to why I am not getting a correct alias.. Any helpful suggestions ?

Thanks

like image 708
user3198232 Avatar asked Jan 15 '14 13:01

user3198232


People also ask

How do I create a PFX file using OpenSSL?

Create a .pfx/.p12 Certificate File Using OpenSSL 1 Requirements 2 PEM (.pem, .crt, .cer) to PFX. After entering the command, you will be prompted to enter and verify an export password to protect the PFX file. 3 PKCS#7/P7B (.p7b, .p7c) to PFX. P7B files cannot be used to directly create a PFX file. P7B files must be converted to PEM. ...

How to export pkcs12 file in OpenSSL?

Breaking down the command: 1 openssl – the command for executing OpenSSL 2 pkcs12 – the file utility for PKCS#12 files in OpenSSL 3 -export -out certificate.pfx – export and save the PFX file as certificate.pfx 4 -inkey privateKey.key – use the private key file privateKey.key as the private key to combine with the certificate. More items...

What is a P12 file in OpenSSL?

PFX files are usually found with the extensions .pfx and .p12. PFX files are typically used on Windows machines to import and export certificates and private keys. Requirements: The commands below demonstrate examples of how to create a .pfx/.p12 file in the command line using OpenSSL.

Do I need a PFX file for SSL/TLS installation?

If you are creating a PFX to install on Azure Web Apps, or another service requiring a PFX file for SSL/TLS installation, it is recommended to include a full chain of trust in your PFX.


1 Answers

Try using option -name "alias" with command openssl pkcs12.

So, the full command may look like (the rest of options were taken from your question):

openssl pkcs12 -export -in my-cert.crt -inkey my-priv-key.key -certfile my-ca-bundle -out my-pfx.pfx -name "alias"
like image 92
vond Avatar answered Sep 18 '22 11:09

vond