Skip to main content
D
didierd1999397
Inspiring
March 23, 2018
Answered

HELP : CFPDF SIGN : keyalias 321 does not exist in the keystore.

  • March 23, 2018
  • 2 replies
  • 941 views

Hello,

i want to automate the signing of my pdf's. I use standard coldfusion command

<cfpdf action="sign" source="noSign.pdf" destination="Signed.pdf"

keystore="c:\coldfusion2016\jre\bin\myKeystore.jks" keystorepassword="changeit" keyalias="321"

overwrite="true" pages="1" height="100" width="200" position="280,210" author="false">

and i get the ERROR : "keyalias 321 does not exist in the keystore."

when i list on the server : keytool -list -v -keystore myKeystore.jks the alias really excits

C:\ColdFusion2016\jre\bin>keytool -list -v -keystore myKeystore.jks
Enter keystore password:

Keystore type: JKS
Keystore provider: SUN

Your keystore contains 1 entry

Alias name: 321
Creation date: 23-mars-2018
Entry type: trustedCertEntry

.....

i've imported this alias by : keytool -import -keystore myKeystore.jks -file 321.cer -alias 321

HELPPPPPPP !!!!

Thx in advance

This topic has been closed for replies.
Correct answer didierd1999397

charlie@carehart.org,

I've didn't updated the jvm. It's a clean standard installation of CF2016.

if i look in the c:\coldfusion2016\cfusion\bin and open tje jvm.cnfig, i get

java.home=C:\\ColdFusion2016\\jre

the keytool.exe + myKeystore.jks + 321.CER is are all in same directory C:\\ColdFusion2016\\jre\bin

When i open the CF admin and go to the Java and JVM part, these are the settings

C:\ColdFusion2016\jre

c:\DATA\SOFTWARE\ORA12\lib

-server -XX:MaxMetaspaceSize=192m -XX:+UseParallelGC -Xbatch -Dcoldfusion.home={application.home} -Duser.language=en -Dcoldfusion.rootDir={application.home} -Dcoldfusion.libPath={application.home}/lib -Dorg.apache.coyote.USE_CUSTOM_STATUS_MSG_IN_HEADER=true -Dcoldfusion.jsafe.defaultalgo=FIPS186Random -Dorg.eclipse.jetty.util.log.class=org.eclipse.jetty.util.log.JavaUtilLog -Djava.util.logging.config.file={application.home}/lib/logging.properties

2 replies

Priyank Shrivastava.
Community Manager
Priyank Shrivastava.Community Manager
Community Manager
March 23, 2018

Hi,

I have created a test self-signed certificate and converted it to both .pfx and .jks and it seems to be working fine.

PFX example

<cfpdf action="sign"

source="C:\ColdFusion2016\cfusion\wwwroot\bob1\demo.pdf"

destination="C:\ColdFusion2016\cfusion\wwwroot\bob1\demo_sign.pdf"

keystore="C:\openssl\bin\ca.pfx" keystorepassword="changeit"

overwrite="true" pages="1" height="100"

width="100" position="100,100" author="false"

/>

JKS Example

<cfpdf action="sign"

source="C:\ColdFusion2016\cfusion\wwwroot\bob1\demo.pdf"

destination="C:\ColdFusion2016\cfusion\wwwroot\bob1\demo_sign_jks.pdf"

keystore="C:\openssl\bin\cert\ca.jks" keystorepassword="changeit"

overwrite="true" pages="1" height="100"

width="100" position="100,100" author="false"

/>

Can you please remove the 'keyalias' from your code. Also, as Charlie mentioned that you also have to check your JVM, which JDK it is pointing(external/internal). Maybe you have imported the certificate in internal keystore and you might be using the internal JDK in ColdFusion or vice versa.

Thanks,

Priyank Shrivastava

Thanks,Priyank Shrivastava
    D
    didierd1999397AuthorCorrect answer
    Inspiring
    March 24, 2018

    charlie@carehart.org,

    I've didn't updated the jvm. It's a clean standard installation of CF2016.

    if i look in the c:\coldfusion2016\cfusion\bin and open tje jvm.cnfig, i get

    java.home=C:\\ColdFusion2016\\jre

    the keytool.exe + myKeystore.jks + 321.CER is are all in same directory C:\\ColdFusion2016\\jre\bin

    When i open the CF admin and go to the Java and JVM part, these are the settings

    C:\ColdFusion2016\jre

    c:\DATA\SOFTWARE\ORA12\lib

    -server -XX:MaxMetaspaceSize=192m -XX:+UseParallelGC -Xbatch -Dcoldfusion.home={application.home} -Duser.language=en -Dcoldfusion.rootDir={application.home} -Dcoldfusion.libPath={application.home}/lib -Dorg.apache.coyote.USE_CUSTOM_STATUS_MSG_IN_HEADER=true -Dcoldfusion.jsafe.defaultalgo=FIPS186Random -Dorg.eclipse.jetty.util.log.class=org.eclipse.jetty.util.log.JavaUtilLog -Djava.util.logging.config.file={application.home}/lib/logging.properties

    D
    didierd1999397Author
    Inspiring
    March 24, 2018

    priyanks97293812,

    I see that you use C:\openssl.

    What i've done : i've exported my certificate from my official identity card (Belgium) and saved it to a .CER file, then i've copied this .CER to the c:\coldfusion2016\jre\bin and imported with keytool my own .CER

    keytool -import -keystore myKeystore.jks -file 321.cer -alias 321

    i didn't used openssl.

    Must i Always use openssl?

    Charlie Arehart
    Community Expert
    Charlie ArehartCommunity Expert
    Community Expert
    March 23, 2018

    You must make sure first that cf is using the keystore you are checking and writing to. It may not be.

    Look in the "Java and Jvm" page of the cf admin  for the Java virtual machine path field, or see the java.home value in cf's jvm.config file (or have someone with access to those tell you).

    There are many reasons folks may update the jvm that cf uses. If they do, any such certs needed must be installed/reinstalled into the NEW jvm's keystore.

    Let us know if that's it. There are still other easy mistakes one can make in trying to import certs.

    /Charlie (troubleshooter, carehart. org)
      Terms & ConditionsAccessibility statement
      Using the community Terms of use Privacy Cookie preferences Do not sell or share my personal information ad choicesAdChoices