0

I have a CA pairkey and I need to sign a client pairkey for client authentication. I am using keytool for this. Based on this I have created a .p12 pairkey for my client. Then I create a CSR and then I sign it to have a .cer file.

My problem is that I want to "update" the cert in the p12 with this signed certificate. Basically, I need to import the keypair into the Personal Certificates for client authentication, but Windows will accept the p12 (which is not signed) and not the .cer (since it has no private key).

How can I update the p12 with the new signed public cert? Thanks. NOTE: I prefer not to have any intermediate cert and I don't want to use OpenSSL, I need to use keytool

EDIT - By the way, when I try to import the signed certificate into the .p12 I get a keytool error: java.lang.Exception: Failed to establish chain from reply

EDIT - This link and this link seem to address my problem, but it is using OpenSSL and other tools, not keytool.

user1156544
  • 1,725
  • 2
  • 25
  • 51
  • Can you explain why the -1? What is not clear, or what do you think my question lacks? – user1156544 Jun 30 '17 at 19:41
  • I am not sure why I received some downvotes and close requests. If the question is not well explained, please tell me so, so I can fix it. If you think I didn't do any research, same - so I can tell you all I have tried and queried. If it doesnt belong to SO, suggest a new place. If it is a noob question, well, SO is supposed to help people with newbie questions too – user1156544 Jul 01 '17 at 19:00
  • Questions about how to use tools, even if they are related with programming questions are offtopic in SO. Maybe you can post it in Server Fault – pedrofb Jul 02 '17 at 15:07
  • OK - a bit of feedback is helpful. Normally someone moves my question to other sites when this happens, instead of silently downvoting and requesting to close it. In any case, after a lot of research, I think that current keytool cannot do what I need, unfortunately : ( – user1156544 Jul 02 '17 at 18:17
  • And by the way: https://stackoverflow.com/questions/30634658/how-to-create-a-certificate-chain-using-keytool, https://stackoverflow.com/questions/16333635/keytool-error-bash-keytool-command-not-found, https://stackoverflow.com/questions/6340918/trust-store-vs-key-store-creating-with-keytool, https://stackoverflow.com/questions/5488339/how-can-i-find-and-run-the-keytool, https://stackoverflow.com/questions/19958092/keytool-without-keystore, https://stackoverflow.com/questions/15301005/keytool-cant-find-alias..... – user1156544 Jul 02 '17 at 18:24
  • https://stackoverflow.com/questions/10175812/how-to-create-a-self-signed-certificate-with-openssl, etc + Many more. All of them about keytool or how to use tools like Openssl, and no question was close - some have even +1500 upvotes.... – user1156544 Jul 02 '17 at 18:24

0 Answers0