1

This question may be a duplicate, but I am not able to get the solution. I tried to create an SSL certificate with the following commands:

C:\Program Files\Java\jdk1.6.0_05\bin>keytool -genkey -alias tomcat -keyalg RSA
-keystore E:\key
Enter keystore password:
Re-enter new password:
What is your first and last name?
  [Unknown]:  Raghu
What is the name of your organizational unit?
  [Unknown]:  BFS
What is the name of your organization?
  [Unknown]:  iGate
What is the name of your City or Locality?
  [Unknown]:  Bang
What is the name of your State or Province?
  [Unknown]:  KA
What is the two-letter country code for this unit?
  [Unknown]:  IN
Is CN=Raghu, OU=BFS, O=iGate, L=Bang, ST=KA, C=IN correct?
  [no]:  y

Enter key password for <tomcat>
        (RETURN if same as keystore password):
Re-enter new password:

I have tried to get the certificate request using the following command:

C:\Program Files\Java\jdk1.6.0_05\bin>keytool -certreq -v -alias tomcat -keyalg
RSA -keystore E:\key
Enter keystore password:

And got the following response in the command prompt:

-----BEGIN NEW CERTIFICATE REQUEST-----
...
-----END NEW CERTIFICATE REQUEST-----

I saved it in a cert.txt file, and to verify the certificate reply:

 C:\Program Files\Java\jdk1.6.0_05\bin>keytool -printcert -file E:\cert.txt

**keytool error: java.lang.Exception: Failed to parse input**

I got the above error. Please suggest a solution for the same.

2 Answers

4

You're confusing certificate and certificate request.

When you use -certreq, you're producing a certificate request (CSR), which you should send to your CA, which will send you a certificate in return. You'll then be able to import that certificate into your keystore, against the private key it already holds (and that was generated with -genkey).

-printcert is for printing certificates, not certificate requests (BEGIN NEW CERTIFICATE REQUEST).


4 Comments

Please suggest me what to do now?
It's not clear what you're trying to do. Are you trying to get a certificate from a CA or a self-signed certificate?
Self-Signed Certificate
In this case, export the certificate, not the CSR: use -exportcert instead (-genkey generates both a certificate internally and a CSR). You'll also need to put your host name in "What is your first and last name?" (e.g. www.example.com): this is what will be used for the CN.
1

I think you missed one step which is causing the issue.

keytool -exportcert -rfc -keystore D:\key -file D:\cert.crt 

Please check this link.
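
Added example (not part of the original question or answers): a Python pre-flight check for the distinction the first answer draws. It reports whether a PEM file holds an X.509 certificate or a PKCS#10 request, judged by its DER structure rather than its label, and names the keytool subcommand that reads it. The function names and the two skeleton samples are constructed for illustration; `-printcertreq` requires JDK 7 or later.

```python
import base64
import re

# keytool subcommand able to read each kind of file. -printcertreq needs JDK 7+.
# "NEW CERTIFICATE REQUEST" is the legacy PEM label that keytool -certreq writes.
READERS = {"CERTIFICATE": "keytool -printcert -file",
           "CERTIFICATE REQUEST": "keytool -printcertreq -file"}
PEM = re.compile(r"-----BEGIN ([A-Z0-9 ]+)-----(.+?)-----END \1-----", re.S)

def read_tlv(buf, pos):
    """Return (tag, value_start, value_end) for the DER element at pos."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:  # long form: low 7 bits give the number of length bytes
        count = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + count], "big"), pos + count
    if pos + length > len(buf):
        raise ValueError("truncated DER")
    return tag, pos, pos + length

def der_kind(der):
    """Tell an X.509 certificate from a PKCS#10 request by its leading fields."""
    tag, body, _ = read_tlv(der, 0)       # outer SEQUENCE
    tag2, body, _ = read_tlv(der, body)   # tbsCertificate / certificationRequestInfo
    if tag != 0x30 or tag2 != 0x30:
        raise ValueError("not a DER SEQUENCE of SEQUENCE")
    first, _, end = read_tlv(der, body)
    if first == 0xA0:                     # explicit [0] version: v2/v3 certificate
        return "CERTIFICATE"
    _, inner, _ = read_tlv(der, end)      # second field is a SEQUENCE in both types
    # v1 certificate: AlgorithmIdentifier starts with an OID (0x06).
    # Request: the subject Name starts with a SET (0x31) or is empty.
    return "CERTIFICATE" if der[inner:inner + 1] == b"\x06" else "CERTIFICATE REQUEST"

def classify(text):
    """Return (pem_label, actual_kind, reader_command) for one PEM file's text."""
    match = PEM.search(text)
    if not match:
        raise ValueError("no PEM block found")
    kind = der_kind(base64.b64decode(match.group(2)))
    return match.group(1), kind, READERS[kind]

def pem(label, der_hex):
    """Wrap constructed DER bytes in PEM armor (sample-data helper)."""
    body = base64.b64encode(bytes.fromhex(der_hex)).decode()
    return f"-----BEGIN {label}-----\n{body}\n-----END {label}-----\n"

# Constructed skeletons (no real keys): only the leading fields are present.
SAMPLE_CSR = pem("NEW CERTIFICATE REQUEST", "3009300702010030023100")
SAMPLE_CERT = pem("CERTIFICATE", "300a3008a003020102020101")
```

Calling `classify(SAMPLE_CSR)` names `-printcertreq` as the reader, which is why `-printcert` on the saved request fails to parse.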
