
Java Keystore Status "not private"

Posted: Wed Mar 10, 2021 7:04 pm
by Bernd.N
My old jks-Keystore shows:
Status: valid

My new Keystore shows:
Status: not private / certificate is public or password mismatch

Is this a problem, or can I sign my JARs anyway with that keystore, without further harm?

A second difference from the old keystore is that the new one lacks the following three lines regarding the chain verification:
Chain verification: OK
intermediate: CN=COMODO RSA Code Signing CA, O=COMODO CA Limited, L=Salford, ST=Greater Manchester, C=GB
root: CN=COMODO RSA Certification Authority, O=COMODO CA Limited, L=Salford, ST=Greater Manchester, C=GB

Re: Java Keystore Status "not private"

Posted: Fri Mar 12, 2021 3:46 pm
by mboegem
Hi Bernd,

I think something has gone wrong when creating the keystore.
I just went through the whole process myself after renewal of my old certificate.
The steps below are really the easiest way I could find to create a new certificate
(btw I picked up my certificate through IE)

PFX certificate export from IE:
- Go to Internet Options > Content > Certificates
- Select certificate
- Export
- Export wizard: include private key
- Export wizard: PFX-file > include all certificates + enable certificate privacy
- Export wizard: set password
- Export wizard: encryption: TripleDES-SHA1
- Export wizard: enter filename
- Save File

Then create JKS:
- Open keystore explorer (http://keystore-explorer.org)
- Create new keystore
- Import trusted certificate ‘root’ with alias ‘root’
- Import trusted certificate ‘intermediate’ with alias ‘intermediate’
- Import key pair ‘p12-file’ with alias ‘private’
- Save JKS-file

That's it, hope it helps
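
Added example (not part of the original posts): a way to check the result of the steps above with the JDK's `keytool`, by confirming that the signing alias is a `PrivateKeyEntry` with the CA certificates attached. It covers only the "certificate is public" half of the status message, not a password mismatch; the function name `signing_status` and both sample listings are constructed for illustration.

```shell
#!/bin/sh
# Added example. Reads `keytool -list -v` output on stdin and reports whether
# ALIAS can sign. Labels assume keytool's English output.
# Usage (new.jks is a placeholder): keytool -list -v -keystore new.jks | signing_status private
signing_status() {
    awk -v want="$1" '
        { sub(/\r$/, "") }                       # tolerate Windows line endings
        /^Alias name: /  { alias = substr($0, 13) }
        alias != want    { next }
        /^Entry type: /  { type = $3 }
        /^Certificate chain length: / { chain = $4 }
        END {
            if (type == "") { print want ": alias not found"; exit 2 }
            if (type != "PrivateKeyEntry") {
                print want ": " type ", no private key, cannot sign"; exit 1 }
            if (chain < 2) {
                print want ": private key present, chain length " chain ", CA certificates not attached"; exit 1 }
            print want ": private key present, chain length " chain
        }'
}

# Constructed sample: certificate imported without its private key.
sample_cert_only() {
    cat <<'EOF'
Alias name: private
Creation date: Mar 10, 2021
Entry type: trustedCertEntry

Owner: CN=Example Publisher
EOF
}

# Constructed sample: keystore built as in the steps above.
sample_key_pair() {
    cat <<'EOF'
Alias name: root
Entry type: trustedCertEntry

Alias name: intermediate
Entry type: trustedCertEntry

Alias name: private
Entry type: PrivateKeyEntry
Certificate chain length: 3
EOF
}

sample_cert_only | signing_status private || true
sample_key_pair  | signing_status private || true
```

The exit status is 0 when the alias can sign with its chain attached, 1 when the key or chain is missing, and 2 when the alias is not in the listing.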

Re: Java Keystore Status "not private"

Posted: Wed Mar 17, 2021 10:46 am
by Bernd.N
Thank you very much for the detailed description.
I will test this approach.