Jarsigner:找不到证书链

发布于 2024-09-09 06:05:31 字数 558 浏览 10 评论 0原文

我已将证书导入到私有 ~/.keystore 文件中:

keytool -list
Enter keystore password:

Keystore type: JKS
Keystore provider: SUN

Your keystore contains 1 entry

mylyn-mantis, Jul 15, 2010, trustedCertEntry

并尝试用它签署一个 jar,但出现“未找到证书链”错误。

jarsigner -verbose  /home/robert/file.jar mylyn-mantis
jarsigner: Certificate chain not found for: mylyn-mantis.  mylyn-mantis must reference a valid KeyStore key entry containing a private key and corresponding public key certificate chain.

我该如何解决这个问题?

I have imported a certificate into a private ~/.keystore file:

keytool -list
Enter keystore password:

Keystore type: JKS
Keystore provider: SUN

Your keystore contains 1 entry

mylyn-mantis, Jul 15, 2010, trustedCertEntry

and am trying to sign a jar with it, but I get a 'certificate chain not found' error.

jarsigner -verbose  /home/robert/file.jar mylyn-mantis
jarsigner: Certificate chain not found for: mylyn-mantis.  mylyn-mantis must reference a valid KeyStore key entry containing a private key and corresponding public key certificate chain.

How can I solve this problem?

如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。

扫码二维码加入Web技术交流群

发布评论

需要 登录 才能够评论, 你可以免费 注册 一个本站的账号。

评论(7

っ〆星空下的拥抱 2024-09-16 06:05:32

看来您的密钥库仅包含一个证书(公钥),您需要一个完整的密钥条目、私钥和整个证书链才能签署任何内容

It seems that your keystore contains only a certificate (public key) you need a complete key entry, with a private key, and the whole certificate chain to be able to sign anything

牵你手 2024-09-16 06:05:32

简短回答

使用您的别名密钥而不是密钥存储,如下所示:

jarsigner -verbose -keystore [Your signature storage path] -signedjar [signed filename] [unsigned filename] [Your alias key]

更多详细信息

以下是解决此错误的最简单方法:

  1. 转到 bin 文件夹..它可能位于此中小路:

C:\Users[您的计算机名称]\jdk\bin

或此路径:

C:\Program Files\Java\jre1.8.0_77\bin

  1. 为了防止环境变量配置引起的问题,请复制要签名的空包你的key store【签名私钥】到JDK下的bin目录

  2. 通过运行以下命令获取您的别名密钥:

    keytool -keystore [您的密钥存储] -list -v

  3. 最后运行此命令:

    jarsigner -verbose -keystore [您的签名存储路径] -signedjar [签名文件名] [未签名文件名] [您的别名密钥]

Short Answer

Use your alias key instead of key store like this:

jarsigner -verbose -keystore [Your signature storage path] -signedjar [signed filename] [unsigned filename] [Your alias key]

More Details

Here are the easiest way to solve this error:

  1. Go to bin folder .. it may be in this path:

C:\Users[Your computer name]\jdk\bin

or this path:

C:\Program Files\Java\jre1.8.0_77\bin

  1. To prevent issues caused by the configuration of environment variables, please copy both the empty package to be signed, and your key store [the private key for signature] to the bin directory under JDK.

  2. Get your alias key by run this command:

    keytool -keystore [your key store] -list -v

  3. Finally run this command:

    jarsigner -verbose -keystore [Your signature storage path] -signedjar [signed filename] [unsigned filename] [Your alias key]

等风来 2024-09-16 06:05:32

我遇到了同样的问题。我有 CA 颁发的 .p12 文件,我正在尝试签署 jar 文件。但是我收到错误:

jarsigner: Certificate chain not found for:

基本上我是从控制台复制别名。错误的字符“问号”(?) 导致了此错误。相反,我将 keytool 的输出重定向到文本文件,然后从那里复制别名。

  1. 发出此命令:

    keytool -list -v -storetype pkcs12 -keystore“mycertificate.p12”> cert.txt

(这非常重要。始终重定向到txt文件。不要从控制台输出复制。它可能包含错误的字符)

  1. 找出证书中的别名。打开 cert.txt 并复制“别名:”前面提到的字符串,

假设该字符串是“我的别名,ap 是我的 ca 限制 ID”

  1. 使用 jarsigner:

    jarsigner -storetype pkcs12 -keystore "mycertificate.p12" myjarfile.jar "我的别名,ap 是我的 ca 受限 ID"

I faced same issue. I am having .p12 file issued by CA and I was trying to sign jar file. However I was getting error:

jarsigner: Certificate chain not found for:

Basically I was copying alias name from console. It was having wrong character 'question mark' (?) causing this error. Instead I redirected output of keytool to text file and then I copied alias name from there.

  1. Issue this command:

    keytool -list -v -storetype pkcs12 -keystore "mycertificate.p12" > cert.txt

(This is very important. Always redirect to txt file. Do not copy from console output. It can contain wrong characters)

  1. Find out alias name in certificate. Open cert.txt and copy string as it is mentioned in front of "Alias name:"

Let's say this string is "my alias name, a.p.’s my ca limited id"

  1. Use jarsigner:

    jarsigner -storetype pkcs12 -keystore "mycertificate.p12" myjarfile.jar "my alias name, a.p.’s my ca limited id"

野の 2024-09-16 06:05:32

我遇到了这个错误,但这是一个不同的问题。当您将 CSR 发送到 CA 时,它来自带有您生成的特定别名的特定私钥。当您再次收到证书时,必须使用相同的别名导入它,否则两个证书将不会连接在一起。

如果您做得正确,当您使用 keytool -list -v 时,您将看到一个带有别名的条目,其类型为

Entry type: PrivateKeyEntry
Certificate chain length: 3

For 该条目。
如果您做错了,您将有两个

Entry type: PrivateKeyEntry
Certificate chain length: 1

条目

Entry type: trustedCertEntry

I had this error, but it was a different issue. When you send off a CSR to a CA it comes from a particular private key with a particular alias that you generated. When you receive the cert back again you must import it using the same alias name or else the two certs will not be wired together.

If you have done it right, when you use keytool -list -v you wil see a single entry with the alias name, of type

Entry type: PrivateKeyEntry
Certificate chain length: 3

For the entry.
If you have done it wrong the you will have two entries

Entry type: PrivateKeyEntry
Certificate chain length: 1

and

Entry type: trustedCertEntry
谜兔 2024-09-16 06:05:32

我遇到此错误是因为我使用的是 Jenkins“证书”凭证。 Jenkins 凭证配置对话框有一个名为 Description 的文本框,其帮助显示它是描述凭证的自由注释。事实上,Jenkins 管道块 withCredentials 使用 Description 文本框来填充 aliasVariable 属性中指定的环境变量。

withCredentials([certificate(
    credentialsId:    my_credentials,
    keystoreVariable: 'MY_KEYSTORE',
    aliasVariable:    'MY_ALIAS', // Set value in Description textbox
    passwordVariable: 'MY_PASSWORD')]) {
       bat 'mvn clean deploy -Dmy.keystore=%MY_KEYSTORE% -Dmy.alias=%MY_ALIAS% -Dmy.password=\"%MY_PASSWORD%\"'
}

Jenkins 文档中没有提到这一点。

I encountered this error because I was using a Jenkins "certificate" credential. The Jenkins credential configuration dialog has a text box called Description, whose help says it is a free comment describing the credential. In fact, the Jenkins pipeline block withCredentials uses the Description text box to populate the environment variable named in the aliasVariable property.

withCredentials([certificate(
    credentialsId:    my_credentials,
    keystoreVariable: 'MY_KEYSTORE',
    aliasVariable:    'MY_ALIAS', // Set value in Description textbox
    passwordVariable: 'MY_PASSWORD')]) {
       bat 'mvn clean deploy -Dmy.keystore=%MY_KEYSTORE% -Dmy.alias=%MY_ALIAS% -Dmy.password=\"%MY_PASSWORD%\"'
}

This is not mentioned in the Jenkins documentation.

独行侠 2024-09-16 06:05:32

mylyn-mantis 应该是您生成签名密钥时使用的实际别名。

mylyn-mantis should be the actual alias name you used when you generate the signing key.

孤蝉 2024-09-16 06:05:32

简短回答

此错误消息具有误导性。当未找到别名时也会显示该信息。

详细信息

不幸的是,该错误消息具有误导性。此错误似乎在以下情况下显示:

  • 未找到证书链;
  • 未找到别名。

就我而言,这是未找到别名选项。

keytool 命令打印了用 { } 包围的别名,看起来只是一个包装,但它们确实是别名的一部分。

keytool -list -v -storetype pkcs12 -storepass password -keystore "store.pfx"
Alias name: {xxxxx-xxxx-xxxx-xxxx-xxxxxxx}

因此,您应该将整个字符串作为别名 {xxxxx-xxxx-xxxx-xxxx-xxxxxxx} 传递给 jarsigner

我的 pfx 文件是在 Windows 证书管理器中生成的。

Short answer

This error message is misleading. It is shown also, when the alias is not found.

Details

Unfortunately the error message is misleading. This error seems to be shown when:

  • the certificate chain is not found;
  • the alias is not found.

In my case it was the alias not found option.

The keytool command printed the alias surrounded with { }, that look like just a wrap, but they really are part of the alias.

keytool -list -v -storetype pkcs12 -storepass password -keystore "store.pfx"
Alias name: {xxxxx-xxxx-xxxx-xxxx-xxxxxxx}

So you should pass the whole string as an alias {xxxxx-xxxx-xxxx-xxxx-xxxxxxx} to jarsigner.

My pfx file was generated in windows certificate manager.

~没有更多了~
我们使用 Cookies 和其他技术来定制您的体验包括您的登录状态等。通过阅读我们的 隐私政策 了解更多相关信息。 单击 接受 或继续使用网站,即表示您同意使用 Cookies 和您的相关数据。
原文