
I have to create a KeyStore with a certificate already available in another KeyStore. But when I import that certificate, it is added as a trusted cert entry in the new Keystore.

I have a similar Keystore that works fine. If I make a copy of that Keystore and import it into my Keystore, I see that I have 2 private key entries, mine and that of the old Keystore. If I delete my private key and leave the old key, it works.

My question is "how to export the certificate of the old Keystore and use it in my new Keystore".

Thanks!

SuleymanSah
  • You've already done it. You can't just import the certificate by itself. You need the private key. – user207421 Nov 19 '19 at 11:02
  • Just to give you clarification, these are the steps. 1) You create a public and private key. 2) You create a CSR with the public key and other parameters such as subject, subject alternative name, etc. 3) You submit this CSR to a Certificate Authority, which digitally signs that public key and provides you with the certificate. 4) Now, you need to import the certificate and the appropriate private key into the KeyStore. So, in your case, you are using a certificate with an inappropriate private key. – Saravana Kumar Nov 19 '19 at 11:13
  • Are you doing this process with keytool/openssl or programmatically? – Saravana Kumar Nov 19 '19 at 11:17
  • @imrsk with Keytool – EAbdellah Nov 19 '19 at 12:48
  • @user207421 this is the process with OpenSSL? – EAbdellah Nov 19 '19 at 12:49
  • If possible, follow my previous comment. Start the whole process again. As I said earlier, you cannot use a private key of a certificate with a different certificate, because the public key and private key will not mathematically match. So, if you are trying to do this, it is never going to happen. Otherwise, if you want to import the cert and the appropriate key into a new keystore and use it, then follow this: https://stackoverflow.com/questions/16397858/how-to-extract-private-key-from-pfx-file-using-openssl – Saravana Kumar Nov 19 '19 at 13:00
  • I didn't give you any process. The process @imrsk gave you is for the keytool, which is what you told him you were using. So why are you now asking about OpenSSL? – user207421 Nov 19 '19 at 23:24
  • @AbdellahElachhab, See Berk D Demir's answer here [how to export cer from pfx](https://stackoverflow.com/questions/403174/convert-pfx-to-cer). After that, see [how to export the private key from pfx](https://stackoverflow.com/questions/16397858/how-to-extract-private-key-from-pfx-file-using-openssl). Then with private key and cert files in hand, you could create a new Keystore. – Saravana Kumar Nov 20 '19 at 05:11
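
The difference discussed in the comments, as an added example that is not part of the original thread: importing only an exported certificate produces a trustedCertEntry, while copying the whole entry with `keytool -importkeystore` carries the matching private key across as a PrivateKeyEntry. The file names, aliases, demo password and the self-signed stand-in for the old keystore are assumptions made for the demo.

```shell
#!/bin/sh
# Added example. File names, aliases and the password are constructed for the demo.
PASS=changeit

# Stand-in for the "old" keystore: one self-signed RSA key pair under alias oldkey.
make_old_keystore() {
    keytool -genkeypair -alias oldkey -keyalg RSA -keysize 2048 -validity 30 \
        -dname "CN=demo.example" -storetype PKCS12 \
        -keystore "$1" -storepass "$PASS" </dev/null >/dev/null 2>&1
}

# Certificate only (what the question did): export the cert, then import it.
# keytool has no private key to pair it with, so it stores a trustedCertEntry.
copy_cert_only() {
    keytool -exportcert -rfc -alias oldkey -keystore "$1" -storepass "$PASS" \
        -file "$2.crt" </dev/null >/dev/null 2>&1 &&
    keytool -importcert -noprompt -alias oldkey -file "$2.crt" -storetype PKCS12 \
        -keystore "$2" -storepass "$PASS" </dev/null >/dev/null 2>&1
}

# Whole entry: copy private key plus certificate chain under a new alias.
copy_key_entry() {
    keytool -importkeystore -noprompt \
        -srckeystore "$1" -srcstoretype PKCS12 -srcstorepass "$PASS" -srcalias oldkey \
        -destkeystore "$2" -deststoretype PKCS12 -deststorepass "$PASS" \
        -destalias newkey </dev/null >/dev/null 2>&1
}

# Print the entry type keytool reports for alias $2 in keystore $1.
entry_type() {
    keytool -list -keystore "$1" -storetype PKCS12 -storepass "$PASS" -alias "$2" 2>/dev/null |
        grep -o -e 'PrivateKeyEntry' -e 'trustedCertEntry' | head -n 1
}

# Run with "demo" as the first argument to see both outcomes side by side.
if [ "${1:-}" = "demo" ]; then
    dir=$(mktemp -d)
    make_old_keystore "$dir/old.p12"
    copy_cert_only "$dir/old.p12" "$dir/cert-only.p12"
    copy_key_entry "$dir/old.p12" "$dir/with-key.p12"
    echo "cert only: $(entry_type "$dir/cert-only.p12" oldkey)"
    echo "key entry: $(entry_type "$dir/with-key.p12" newkey)"
    rm -rf "$dir"
fi
```

Checking the entry type with `keytool -list` after any import is the quickest way to confirm that the private key actually came along with the certificate.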

0 Answers