tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Ognjen Blagojevic <>
Subject Re: PFX generation using keytool
Date Wed, 06 Nov 2013 22:09:50 GMT

On 6.11.2013 22:50, Christopher Schultz wrote:
>> TrustedCertEntry not supported.
>> Entry for alias root not imported. Do you want to quit the import
>> process? [no]:
>> How can i solve this issue?
> What kind of stuff can be found in your .keystore source?
> If you have a TrustedCertEntry (which ought to be a client
> certificate, right?) then it has no place in a keystore... that
> belongs in a truststore, no?

Nestor probably have root and intermediate CA certificates imported into 
Java keystore in order to create valid certificate chain during the 
import of server certificate.

After the server certificate is imported into keystore, root and 
intermediate CA certificates are safe to remove from the keystore.

> Try importing .. um, less of the source keystore?

Right, OP might:

1. Delete trusted key entries, and leave only PrivateKeyEntry, and then 
export, or
2. add option -alias foo, where foo is alias for PrivateKeyEntry 
available in the keystore.


To unsubscribe, e-mail:
For additional commands, e-mail:

View raw message