发表新帖
发表新帖

Jarsigner: certificate chain not found for

前端 未结
关注
4 1520
日久生厌
日久生厌 2021-02-07 00:00

I have imported a certificate into a private ~/.keystore file:

keytool -list
Enter keystore password:

Keystore type: JKS
Keystore provider: SUN

Yo
相关标签:
4条回答
  • 感情败类
    2021-02-07 00:03

    I faced same issue. I am having .p12 file issued by CA and I was trying to sign jar file. However I was getting error:

    jarsigner: Certificate chain not found for:

    Basically I was copying alias name from console. It was having wrong character 'question mark' (?) causing this error. Instead I redirected output of keytool to text file and then I copied alias name from there.

    1. Issue this command:

      keytool -list -v -storetype pkcs12 -keystore "mycertificate.p12" > cert.txt

    (This is very important. Always redirect to txt file. Do not copy from console output. It can contain wrong characters)

    1. Find out alias name in certificate. Open cert.txt and copy string as it is mentioned in front of "Alias name:"

    Let's say this string is "my alias name, a.p.’s my ca limited id"

    1. Use jarsigner:

      jarsigner -storetype pkcs12 -keystore "mycertificate.p12" myjarfile.jar "my alias name, a.p.’s my ca limited id"

    0 讨论(0)
  • 礼貌的吻别
    2021-02-07 00:11

    Short Answer

    Use your alias key instead of key store like this:

    jarsigner -verbose -keystore [Your signature storage path] -signedjar [signed filename] [unsigned filename] [Your alias key]

    More Details

    Here are the easiest way to solve this error:

    1. Go to bin folder .. it may be in this path:

    C:\Users[Your computer name]\jdk\bin

    or this path:

    C:\Program Files\Java\jre1.8.0_77\bin

    1. To prevent issues caused by the configuration of environment variables, please copy both the empty package to be signed, and your key store [the private key for signature] to the bin directory under JDK.

    2. Get your alias key by run this command:

      keytool -keystore [your key store] -list -v

    3. Finally run this command:

      jarsigner -verbose -keystore [Your signature storage path] -signedjar [signed filename] [unsigned filename] [Your alias key]

    0 讨论(0)
  • 长情又很酷
    2021-02-07 00:17

    It seems that your keystore contains only a certificate (public key) you need a complete key entry, with a private key, and the whole certificate chain to be able to sign anything

    0 讨论(0)
  • 长发绾君心
    2021-02-07 00:20

    I had this error, but it was a different issue. When you send off a CSR to a CA it comes from a particular private key with a particular alias that you generated. When you receive the cert back again you must import it using the same alias name or else the two certs will not be wired together.

    If you have done it right, when you use keytool -list -v you wil see a single entry with the alias name, of type

    Entry type: PrivateKeyEntry
Certificate chain length: 3

    For the entry. If you have done it wrong the you will have two entries

    Entry type: PrivateKeyEntry
Certificate chain length: 1

    and

    Entry type: trustedCertEntry
    0 讨论(0)
 看不清?
提交回复
热议问题