search cancel

When we use java keytool to import a p12 cert, we receive the error "alias <tomcatssl> does not exist"


Article ID: 253740


Updated On:


CA Spectrum


We are using java keytool to import a p12 cert into the keystore.  When we run the import command and enter the passwords correctly, we see the error below.


./keytool -importkeystore -srckeystore <p12cert>.p12 -destkeystore c:\win32app\Spectrum\custom\keystore\cacerts -srcstoretype pkcs12 -alias tomcatssl


Keytool error: java.lang.exception: alias <tomcatssl> does not exist


Release : 10.x / 21.x / 22.x


Alias in p12 cert is different then tomcatssl


Make a backup copy of the original p12 file.

Then we need to change the alias in the p12 file, first we ran this command to display the current alias inside the p12 cert.


./keytool -list -v -keystore <p12cert>.p12 -storetype PKCS12


Once we have the correct alias name, we can change this to tomcatssl


If the alias is blank

./keytool -changealias -alias "" -destalias "tomcatssl" -keystore <p12cert>.p12


If the alias has another name other then tomcatssl


./keytool -changealias -alias "<aliasname>" -destalias "tomcatssl" -keystore <p12cert>.p12


Then finally we can import the p12 file into the keystore  (make backup of keystore first).


./keytool -importkeystore -srckeystore <p12cert>.p12 -destkeystore c:\win32app\Spectrum\custom\keystore\cacerts -srcstoretype pkcs12 -alias tomcatssl


Then a restart of the Spectrum tomcat is required.