Java Keytool error after importing certificate , "keytool error: & Access Denied"

Related searches

I'm trying to connect a Java Web API via HTTPS; however, an exception is thrown:

I followed these steps which I learned from online keytool & SSL cert tutorials:

  1. I copied the HTTPS URL into the browser, downloaded the SSL certificates & Installed them in the browser using Internet Explorer.

  2. Exported the certificates to a path on my computer, the certificates were saved as .cer

  3. Used the keytool's import option. The command below executed without any errors.

    keytool -import -alias downloadedCertAlias -keystore C:\path\to\my\keystore\cacerts.file -file C:\path\of\exportedCert.cer
  4. I was prompted for a password at the command prompt, which I entered then I was authenticated.

  5. The cmd window printed some certificate data & signatures and I was prompted with the question:

    Trust this certificate?

    I answered yes.

  6. The cmd prompt displayed

    Certificate was added to keystore

    However after that message, another exception was displayed:

    keytool error: C:\Program files\...\cacerts <Access Denied>

Finally when I checked the keystore , the SSL certificate was not added and my application gives the same exception I was getting earlier when trying to connect:


This could happen if you are not running the command prompt in administrator mode. If you are using windows 7, you can go to run, type cmd and hit Ctrl+Shift+enter. This will open the command prompt in administrator mode. If not, you can also go to start -> all programs -> accessories -> right click command prompt and click 'run as administrator'.

keytool error: C:\cacerts (Access is , keytool -genkey -v -keystore test.keystore -alias testkeystore -keyalg RSA - keysize Try putting on another drive: D:\tmp or C:\tmp (other than root). sure u are certificate directory): keytool -import -file staging.cer -keystore� Exported the certificates to a path on my computer, the certificates were saved as .cer. Used the keytool’s import option. The command below executed without any errors. keytool -import -alias downloadedCertAlias -keystore C:\path\to\my\keystore\cacerts.file -file C:\path\of\exportedCert.cer

I had the same problem under Windows and could solve it by running cmd.exe as administrator (right-click in start menu, then "Run as administrator).

keytool error: java.lang.Exception: Input not an X.509 certificate, Error occurs when importing Javasoft certificate into the Key store. Error occurs during import. Error: "keytool error: java.lang.Exception: Input� Check to see whether there is a key with the same CN information but a different alias. I have had similar problems before when I tried to import a newer version of a certificate but left the older version in the keystore.

I was having the same problem while importing the certificate in local keystore. Whenever i issue the keytool command i got the following error.

Certificate was added to keystore keytool error: C:\Program Files\Java\jdk1.8.0_151\jre\lib\security (Access is denied)

Following solution work for me.

1) make sure you are running command prompt in Rus as Administrator mode

2) Change your current directory to %JAVA_HOME%\jre\lib\security

3) then Issue the below command

keytool -import -alias "mycertificatedemo" -file "C:\Users\name\Downloads\abc.crt" -keystore cacerts

3) give the password changeit

4) enter y

5) you will see the following message on successful "Certificate was added to keystore"

Make sure you are giving the "cacerts" only in -keystore param value , as i was giving the full path like "C**:\Program Files\Java\jdk1.8.0_151\jre\lib\security**".

Hope this will work

Installing a SSL Certificate, keytool error: C:\ssl.key <Access is denied>. When attempting to generate the keystore you may see an error� If the alias does exist, then the keytool command outputs an error because a trusted certificate already exists for that alias, and doesn't import the certificate. If -alias points to a key entry, then the keytool command assumes that you're importing a certificate reply.

Check the write permissions on the keystore.

Adding SSL Certificate to Java Keystore, I looked into the links you shared & tried the following command but got error: C:\ Program Files\Java\jdk1.8.0_101\bin>keytool -import -alias dvtcapp01 -k Keytool in Java 6 does have this capability: Importing private keys into a Java keystore using keytool Here are the basic details from that post. Convert the existing cert to a PKCS12 using OpenSSL.

For Mac users make sure to sudo and when prompted first give your administrator password and that will be followed by keystore password which typically should be "changeit" unless you actually changed it.

Troubleshooting Offline Mediation Controller, After installing only Node Manager, when you run the createNodeMgrCert script to create Node Manager certificate, you receive the "keytool error: If you'd like to see the entire process of creating a private key, exporting it in a certificate file, importing it into a public keystore, and listing the keystore contents, I have all of that in one place in a long-but-complete Java keytool, keystore, genkey, export, import, certificate, and list tutorial as well.

2.1 Importing certificate into cacert. Go to the JAVA_HOME\bin directory and run: keytool -importcert -file mycertfile.pem -keystore cacerts -alias "Alias" 2.2 Importing certificate into jks keystore keytool -importcert -file mycertfile.pem -keystore keystore.jks -alias "Alias" -storepass <PASSWORD>

This is only possible by using keytool.exe that is located in every standard JRE installation C:\Program Files (x86)\Java\jre1.8.0_144\bin\keytool.exe The following command will import the certificate “C:\certificate.cer” to the keystore “cacerts” that is protected by the password “changeit”. If you have installed the JRE with

When managing certificates in the Java world, the utility you're most likely to encounter is keytool, an integral part of the Java Development Kit. Although keytool can be effectively used to generate self-signed private/public key pairs, it's a little lacking when it comes to incorporating in certs generated by trusted authorities.

  • could you post the exact keytool command that you've executed, and it's output? some of the obvious issues here are the typo of -keystore argument, and the fact that keytool was unable to find the keystore to import the key into
  • I meant to write: keytool -import -alias downloadedCertAlias -keystore C:\path\to\my\keystore\cacerts.file -file C:\path\of\exportedCert.cer I also mentioned the command executed without errors, so obviously this is just spelling mistake in my question!!! Thanks anyways
  • For Mac users, a simple sudo will fix this issue.
  • running as admin is not the right solution. Most companies are locking down admin access. Better to fix the reason as to why access is denied rather than elevating the previlages.
  • type cmd and hit Ctrl+Shift+enter and added certificate successfully- Its worked for me
  • Thanks. control-shift CMD was the only way I could alter cacerts store.
  • @Afshar thanks a lot i have been struggling with this for quite a long time.
  • As mentioned here, being actually in the security directory and only giving the "cacerts" name of the cert instead of the full path was what worked for me.
  • I used sudo -i to make myself the superuser in the first step on Mac and followed the steps and it worked. I opened up carets file as a text file and found my certificate by doing command f to search for its name (or anything else relating to the certificate).
  • If anyone can expand on this, just checking the permissions won't change anything.
  • setting the tomcat directory to read-only will cause this exception
  • how to chek the weite permission?