On 2/3/2010 11:56 AM, Anna Gellatly wrote:
Thanks for the info David .
When I run this command:
/usr/java/current/bin/keytool -importkeystore -srckeystore
/proximo/config/cluster/trusted.keystore -srcalias mykkey -destkeystore
test.p12 -deststoretype PKCS12
and put in the destination password and source passwords I get:
keytool error: java.lang.Exception: Alias <mykkey> does not exist
Both Java and NSS have a method of referencing a cert/key in their
respective key/cert storage mechanisms. It's how you say, "I want
*THIS* key". There's nothing stopping you from having several different
key/cert entries in a single keystore/db. Java calls these references
aliases. NSS calls them nicknames but they serve the same purpose.
You need to do a keytool -list on your keystore to list all the aliases
and use the appropriate alias for the private key and cert you are
trying to export so you can use with NSS. Note, unless you see both
PrivateKeyEntry and a cert fingerprint listed, what you're trying to do
won't work as you don't have both the key and cert in the KeyStore.
For example:
<alias>, Feb 3, 2010, PrivateKeyEntry,
Certificate fingerprint (MD5):
79:90:B6:71:55:F1:F2:35:AD:44:76:83:8F:3C:F6:F1
Also, on the NSS side you will need to either import the full chain of
the certs into the DB, (Using certutil) or mark your cert as explicitly
trusted (again, using certutil) for things to work properly.
I was showing you the commands as an example for what you need to do.
You need to tailor the specific arguments of those commands to your
situation.
Dave
--
dev-tech-crypto mailing list
dev-tech-crypto@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-tech-crypto
