0

Hi, I am new to the SSL handshake. I have downloaded the server certificate from the browser and am trying to make a keystore using keytool. I am storing the certificate as .cer with DER encoding, but I am getting the following:

keytool error: java.security.KeyStoreException: DER not found

I have tried the commands below:

  keytool -importkeystore -v -srckeystore certificate.cer -srcstoretype DER -destkeystore avg_clientcerts.keystore.jks -deststoretype JKS -storetype JKS

and, after changing the certificate to the .der extension:

keytool -importkeystore -v -srckeystore certificate.der -srcstoretype DER -destkeystore avg_clientcerts.keystore.jks -deststoretype JKS -storetype JKS

I am getting this error:

keytool error: java.security.KeyStoreException: DER not found
java.security.KeyStoreException: DER not found
    at java.security.KeyStore.getInstance(KeyStore.java:851)
    at sun.security.tools.keytool.Main.loadSourceKeyStore(Main.java:2020)
    at sun.security.tools.keytool.Main.doCommands(Main.java:1074)
    at sun.security.tools.keytool.Main.run(Main.java:366)
    at sun.security.tools.keytool.Main.main(Main.java:359)
Caused by: java.security.NoSuchAlgorithmException: DER KeyStore not available
    at sun.security.jca.GetInstance.getInstance(GetInstance.java:159)
    at java.security.Security.getImpl(Security.java:695)
    at java.security.KeyStore.getInstance(KeyStore.java:848)
    ... 4 more

This is how I am importing the certificate:


vimal
  • What is DER? The only supported keystore types I'm aware of are JKS and PKCS11. And a certificate file is not a keystore. You seem to be using the wrong commands, or to be making them up. – user207421 Jan 26 '18 at 12:09
  • Can you tell me how I can make a call to an https URL from my Java program? I have downloaded the server certificate from the browser. Steps will be really helpful. – vimal Jan 26 '18 at 12:49

1 Answer

2

As far as I understand from your question, you are trying to import a public certificate into your application to enable secure communication between your application and the server you are trying to access. If the server you are trying to access has a certificate signed by a global CA, then you probably should not have to do this, but it seems it doesn't.

Then what you should do is not create a keystore, but instead import the public key into your already existing keystore.

In short, your command should be something similar to the following.

keytool -importcert -file certificate.der -keystore avg_clientcerts.keystore.jks -alias "<<domain_name>>"

Here is a much more detailed explanation of this process.

Murat Güvenç
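
Added example, not part of the original answer: the error above comes from handing a certificate file to `-importkeystore`, which expects a keystore type such as JKS or PKCS12. This sketch inspects a file's leading bytes and prints the keytool subcommand that fits it. `DEST`, `ALIAS` and the sample file names are placeholder assumptions, and the byte check is a heuristic.

```sh
# Added example: pick the keytool subcommand from a file's leading bytes.
# DEST and ALIAS are placeholder names (assumptions), not values from the post.
DEST="truststore.jks"
ALIAS="server-cert"

# Print the first $2 bytes of file $1 as lowercase hex, no separators.
head_hex() { head -c "$2" "$1" | od -An -v -tx1 | tr -d ' \n'; }

# Classify a file as pem-cert, der-cert, jks, pkcs12 or unknown.
# Heuristic: assumes the 2-byte long-form DER length (0x82) that
# typical certificates and PKCS#12 files use.
classify() {
    if [ "$(head -c 27 "$1" | tr -d '\0')" = "-----BEGIN CERTIFICATE-----" ]; then
        echo pem-cert; return
    fi
    case "$(head_hex "$1" 8)" in
        feedfeed*)       echo jks ;;       # JKS magic number
        3082????020103*) echo pkcs12 ;;    # SEQUENCE { INTEGER 3 = PFX version
        3082????308*)    echo der-cert ;;  # SEQUENCE { SEQUENCE = tbsCertificate
        *)               echo unknown ;;
    esac
}

# Echo the keytool commands that fit the file; nothing is executed.
suggest() {
    case "$(classify "$1")" in
        pem-cert|der-cert)
            # Check subject and fingerprint before trusting the certificate.
            echo "keytool -printcert -file $1"
            echo "keytool -importcert -file $1 -keystore $DEST -alias $ALIAS" ;;
        jks)
            echo "keytool -importkeystore -srckeystore $1 -srcstoretype JKS -destkeystore $DEST" ;;
        pkcs12)
            echo "keytool -importkeystore -srckeystore $1 -srcstoretype PKCS12 -destkeystore $DEST" ;;
        *)  echo "unrecognised format: $1" >&2; return 1 ;;
    esac
}

# Constructed sample headers (first 8 bytes only, not real certificates).
tmp="$(mktemp -d)"
printf '\060\202\003\135\060\202\002\105' > "$tmp/certificate.der"
printf '\376\355\376\355\000\000\000\002' > "$tmp/old.jks"
for f in "$tmp/certificate.der" "$tmp/old.jks"; do
    echo "$f -> $(classify "$f")"
    suggest "$f"
done
```

Compare the fingerprint printed by `keytool -printcert` with one obtained from the server's operator before running the import, since an imported certificate becomes a trust anchor for the application.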