When we use java keytool to import a p12 cert, we receive the error "alias <tomcatssl> does not exist"

Article ID: 253740


Products

CA Spectrum

Issue/Introduction

We are using java keytool to import a p12 cert into the keystore.  When we run the import command and enter the passwords correctly, we see the error below.

 

./keytool -importkeystore -srckeystore <p12cert>.p12 -destkeystore c:\win32app\Spectrum\custom\keystore\cacerts -srcstoretype pkcs12 -alias tomcatssl

 

Keytool error: java.lang.exception: alias <tomcatssl> does not exist

Environment

Release : 10.x / 21.x / 22.x

Cause

The alias in the p12 cert is different than tomcatssl.

Resolution

Make a backup copy of the original p12 file.


Then change the alias in the p12 file. First, run this command to display the current alias inside the p12 cert:

 

./keytool -list -v -keystore <p12cert>.p12 -storetype PKCS12

 

Once we have the correct alias name, we can change this to tomcatssl

 

If the alias is blank

./keytool -changealias -alias "" -destalias "tomcatssl" -keystore <p12cert>.p12

 

If the alias has a name other than tomcatssl

 

./keytool -changealias -alias "<aliasname>" -destalias "tomcatssl" -keystore <p12cert>.p12

 

Then finally we can import the p12 file into the keystore (make a backup of the keystore first).

 

./keytool -importkeystore -srckeystore <p12cert>.p12 -destkeystore c:\win32app\Spectrum\custom\keystore\cacerts -srcstoretype pkcs12 -alias tomcatssl

 

Then a restart of the Spectrum tomcat is required.
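
An added example (not part of the original article): a shell helper that reads the text printed by keytool -list -v and prints which of the -changealias commands above applies. The function names and the sample listing are constructed for illustration; the script only parses text and never runs keytool itself.

```shell
#!/bin/sh
# Added example, not from the article: pick the -changealias step from
# the text printed by "keytool -list -v". Function names are hypothetical.
WANT_ALIAS="tomcatssl"

# Constructed sample listing (not from a real keystore).
SAMPLE_LISTING='Keystore type: PKCS12
Keystore provider: SUN

Your keystore contains 1 entry

Alias name: 1
Creation date: Jan 1, 2024
Entry type: PrivateKeyEntry
Certificate chain length: 1'

# Print one alias per line from a listing on stdin (CRs stripped for Windows).
list_aliases() {
    tr -d '\r' | sed -n 's/^Alias name:[[:space:]]*//p'
}

# Read a listing on stdin and print the next keytool step for p12 file $1.
# Returns 1 if no entry was found, 2 if there are several entries.
next_step() {
    p12="$1"
    listing=$(cat)
    count=$(printf '%s\n' "$listing" | grep -c '^Alias name:' || true)
    if [ "$count" -eq 0 ]; then
        echo "no entries listed for $p12 (wrong password or file?)" >&2
        return 1
    fi
    if [ "$count" -gt 1 ]; then
        echo "$p12 holds $count entries; choose the key entry by hand:" >&2
        printf '%s\n' "$listing" | list_aliases >&2
        return 2
    fi
    current=$(printf '%s\n' "$listing" | list_aliases)
    if [ "$current" = "$WANT_ALIAS" ]; then
        echo "alias is already $WANT_ALIAS; import directly"
        return 0
    fi
    # Covers both cases in the article: a blank alias and a differently named one.
    printf './keytool -changealias -alias "%s" -destalias "%s" -keystore %s\n' \
        "$current" "$WANT_ALIAS" "$p12"
}

# Demo on the constructed sample.
printf '%s\n' "$SAMPLE_LISTING" | next_step '<p12cert>.p12'
```

To use it on a real file, pipe the output of the -list -v command shown above into next_step with the p12 path as its argument.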