• Post Reply Bookmark Topic Watch Topic
  • New Topic

certificate chain  RSS feed

swap Inam
Ranch Hand
Posts: 37
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Hello All

I have created a JKS file using Keytool and can view it on command line as below :
keytool -list -keystore keystore.jks -v
Enter keystore password:

Keystore type: JKS
Keystore provider: SUN

Your keystore contains 1 entry

Alias name: mydomain
Creation date: Jan 14, 2009
Entry type: PrivateKeyEntry
Certificate chain length: 1
Owner: CN=Swap Inam, OU=PO, O=PO, L=PO, ST=PO, C=PO
Issuer: CN=Swap Inam, OU=PO, O=PO, L=PO, ST=PO, C=PO
Serial number: 496de2dc
Valid from: Wed Jan 14 18:34:28 IST 2009 until: Tue Apr 14 18:34:28 IST 2009
Certificate fingerprints:
MD5: 07:25:02:86:E2:01:65:4C:4B:46:BD:75:4C:4C:3E:A2
SHA1: 73:CC:38:83:7B:E3:AD:55:36:E4:67:04:9B:72:E6:AF:3D:5F:86:14
Signature algorithm name: SHA1withRSA
Version: 3


when I try to read this file programatically as below :

final KeyStore ks = KeyStore.getInstance("JKS");
ks.load(m_KeyStore.getInput(), m_KeyStore.getPassword());
kmf = getKeySunX509ManagerFactory();
kmf.init(ks, m_KeyStore.getPassword());

// Check if certificates are valid.
final KeyManager[] kmgrs = kmf.getKeyManagers();
for (int i = 0; i < kmgrs.length; i++)
if (kmgrs[i] instanceof X509KeyManager)
final X509KeyManager mgr = (X509KeyManager) kmgrs[i];
final X509Certificate[] certs = mgr.getCertificateChain(m_KeyStore.getAlias());
if (certs != null)
for (int j = 0; j < certs.length; j++)
final X509Certificate cert = certs[j];
final String error = "Key Store Certificate Chain incomplete";
throw new AgentException(error);

I always happen to get the error : "Key Store Certificate Chain incomplete" as NULL is returned
for mgr.getCertificateChain(m_KeyStore.getAlias()) in the above code snippet

Why this error is thrown when on command line output above it shows Certificate chain length: 1

Any help is appreciated
  • Post Reply Bookmark Topic Watch Topic
  • New Topic
Boost this thread!