Menu
I am trying to generate a pfx file to use as a signing mechanism for some JAR files as per these instructions.
To create the pfx file I am using the following command
openssl pkcs12 -export -in my-cert.crt -inkey my-priv-key.key -certfile my-ca-bundle -out my-pfx.pfx
This command successfully generates me a pfx file, however, when I try to find the alias using the following command
keytool -list -storetype pkcs12 -keystore my-pfx.pfx -v | grep Alias
I get the following response
Alias name: 2
According to the note linked above (and other research I have done) the Alias returned should look something like this
le-d491f28f-ee7b-40e2-b1a7-2b7c3a71979a
If I try to use the Alias value I am getting (e.g. 2) using the following command
jarsigner -keystore my-pfx.pfx -storetype PKCS12 jacob.jar 2
which results in the following error message
jarsigner: Certificate chain not found for: 2. 2 must reference a valid KeyStore key entry containing a private key and corresponding public key certificate chain.
I am totally stumped as to why I am not getting a correct alias.. Any helpful suggestions ?
Thanks
708
Create a .pfx/.p12 Certificate File Using OpenSSL 1 Requirements 2 PEM (.pem, .crt, .cer) to PFX. After entering the command, you will be prompted to enter and verify an export password to protect the PFX file. 3 PKCS#7/P7B (.p7b, .p7c) to PFX. P7B files cannot be used to directly create a PFX file. P7B files must be converted to PEM. ...
Breaking down the command: 1 openssl – the command for executing OpenSSL 2 pkcs12 – the file utility for PKCS#12 files in OpenSSL 3 -export -out certificate.pfx – export and save the PFX file as certificate.pfx 4 -inkey privateKey.key – use the private key file privateKey.key as the private key to combine with the certificate. More items...
PFX files are usually found with the extensions .pfx and .p12. PFX files are typically used on Windows machines to import and export certificates and private keys. Requirements: The commands below demonstrate examples of how to create a .pfx/.p12 file in the command line using OpenSSL.
If you are creating a PFX to install on Azure Web Apps, or another service requiring a PFX file for SSL/TLS installation, it is recommended to include a full chain of trust in your PFX.
Try using option -name "alias" with command openssl pkcs12.
So, the full command may look like (the rest of options were taken from your question):
openssl pkcs12 -export -in my-cert.crt -inkey my-priv-key.key -certfile my-ca-bundle -out my-pfx.pfx -name "alias"
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With
