My old jks-Keystore shows:
Status: valid
My new Keystore shows:
Status: not private / certificate is public or password mismatch
Is this a problem, or can I sign my JARs anyway with that keystore, without further harm?
A second difference to the old keystore is, that the new one lacks the following three lines regarding the chain verification:
Chain verification: OK
intermediate: CN=COMODO RSA Code Signing CA, O=COMODO CA Limited, L=Salford, ST=Greater Manchester, C=GB
root: CN=COMODO RSA Certification Authority, O=COMODO CA Limited, L=Salford, ST=Greater Manchester, C=GB
Hi Bernd,
I think something has gone wrong when creating the keystone.
Just went through the whole process myself after renewal of my old certifcate.
Below steps are really the easiest way I could find to create a new certificate
(btw I picked up my certificate through IE)
PFX certficate export from IE:
- Goto Internet Options > Content > Certificates
- Select certificate
- Export
- Export wizard: include private key
- Export wizard: PFX-file > include all certificates + enable certificate privacy
- Export wizard: set password
- Export wizard: encryption: TripleDES-SHA1
- Export wizard: enter filename
- Save File
Then create JKS:
- Open keystore explorer (http://keystore-explorer.org)
- Create new keystore
- Import trusted certificate ‘root’ with alias ‘root’
- Import trusted certificate ‘intermediate’ with alias ‘intermediate’
- Import key pair ‘p12-file’ with alias ‘private’
- Save JKS-file
That’s it, hope it helps
Thank you very much for the detailed description.
I will test this approach.