HELP : CFPDF SIGN : keyalias 321 does not exist in the keystore.

Explorer, Mar 23, 2018


Hello,

I want to automate the signing of my PDFs. I use the standard ColdFusion command

<cfpdf action="sign" source="noSign.pdf" destination="Signed.pdf"
    keystore="c:\coldfusion2016\jre\bin\myKeystore.jks" keystorepassword="changeit" keyalias="321"
    overwrite="true" pages="1" height="100" width="200" position="280,210" author="false">

and I get the error: "keyalias 321 does not exist in the keystore."

When I list on the server with keytool -list -v -keystore myKeystore.jks, the alias really exists:

C:\ColdFusion2016\jre\bin>keytool -list -v -keystore myKeystore.jks
Enter keystore password:

Keystore type: JKS
Keystore provider: SUN

Your keystore contains 1 entry

Alias name: 321
Creation date: 23-mars-2018
Entry type: trustedCertEntry

.....

I've imported this alias with: keytool -import -keystore myKeystore.jks -file 321.cer -alias 321

HELPPPPPPP !!!!

Thx in advance

Adobe Community Professional, Mar 23, 2018

You must make sure first that CF is using the keystore you are checking and writing to. It may not be.

Look in the "Java and JVM" page of the CF admin for the Java virtual machine path field, or see the java.home value in CF's jvm.config file (or have someone with access to those tell you).

There are many reasons folks may update the JVM that CF uses. If they do, any such certs needed must be installed/reinstalled into the NEW JVM's keystore.

Let us know if that's it. There are still other easy mistakes one can make in trying to import certs.


/Charlie (server troubleshooter, carehart.org)

Adobe Employee, Mar 23, 2018

Hi,

I have created a test self-signed certificate and converted it to both .pfx and .jks and it seems to be working fine.

PFX example

<cfpdf action="sign"
    source="C:\ColdFusion2016\cfusion\wwwroot\bob1\demo.pdf"
    destination="C:\ColdFusion2016\cfusion\wwwroot\bob1\demo_sign.pdf"
    keystore="C:\openssl\bin\ca.pfx" keystorepassword="changeit"
    overwrite="true" pages="1" height="100"
    width="100" position="100,100" author="false"
/>

JKS Example

<cfpdf action="sign"
    source="C:\ColdFusion2016\cfusion\wwwroot\bob1\demo.pdf"
    destination="C:\ColdFusion2016\cfusion\wwwroot\bob1\demo_sign_jks.pdf"
    keystore="C:\openssl\bin\cert\ca.jks" keystorepassword="changeit"
    overwrite="true" pages="1" height="100"
    width="100" position="100,100" author="false"
/>

Can you please remove the 'keyalias' from your code? Also, as Charlie mentioned, you also have to check your JVM and which JDK it is pointing to (external/internal). Maybe you have imported the certificate in the internal keystore and you might be using the internal JDK in ColdFusion or vice versa.

Thanks,

Priyank Shrivastava

Explorer, Mar 23, 2018

charlie@carehart.org,

I didn't update the JVM. It's a clean standard installation of CF2016.

If I look in c:\coldfusion2016\cfusion\bin and open the jvm.config, I get

java.home=C:\\ColdFusion2016\\jre

The keytool.exe + myKeystore.jks + 321.CER are all in the same directory C:\\ColdFusion2016\\jre\bin

When I open the CF admin and go to the Java and JVM part, these are the settings:

Java Virtual Machine Path: C:\ColdFusion2016\jre

ColdFusion Class Path: c:\DATA\SOFTWARE\ORA12\lib

JVM Arguments: -server -XX:MaxMetaspaceSize=192m -XX:+UseParallelGC -Xbatch -Dcoldfusion.home={application.home} -Duser.language=en -Dcoldfusion.rootDir={application.home} -Dcoldfusion.libPath={application.home}/lib -Dorg.apache.coyote.USE_CUSTOM_STATUS_MSG_IN_HEADER=true -Dcoldfusion.jsafe.defaultalgo=FIPS186Random -Dorg.eclipse.jetty.util.log.class=org.eclipse.jetty.util.log.JavaUtilLog -Djava.util.logging.config.file={application.home}/lib/logging.properties

Explorer, Mar 23, 2018

priyanks97293812,

I see that you use C:\openssl.

What I've done: I've exported my certificate from my official identity card (Belgium) and saved it to a .CER file, then I've copied this .CER to c:\coldfusion2016\jre\bin and imported my own .CER with keytool:

keytool -import -keystore myKeystore.jks -file 321.cer -alias 321

I didn't use openssl.

Must I always use openssl?

Adobe Employee, Mar 26, 2018

Hi,

It is not mandatory to use OpenSSL; I am using it for myself. You can use keytool to generate the certificate.

Will it be possible for you to generate a self-signed certificate and try it, so that we can isolate the issue with the certificate?

Thanks,

Priyank
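
Added example, not part of any post in this thread: signing needs a private key, so an alias can only be used with cfpdf action="sign" if keytool lists it as PrivateKeyEntry, while the listing in the question shows alias 321 as trustedCertEntry (certificate only, which is what importing a .cer produces). The script classifies a `keytool -list -v` listing; the second sample entry and its alias `signer` are constructed, and that the entry type is what triggers the error reported here is an assumption.

```shell
#!/bin/sh
# Added example: classify `keytool -list -v` entries by whether they can sign.
# A PrivateKeyEntry holds a private key plus its certificate chain; a
# trustedCertEntry holds only a certificate and cannot produce a signature.

# Reads `keytool -list -v` output on stdin, prints "alias<TAB>type<TAB>verdict".
classify_entries() {
    awk '
        { sub(/\r$/, "") }    # tolerate CRLF output captured on Windows
        /^Alias name:/ { alias = $0; sub(/^Alias name:[ \t]*/, "", alias) }
        /^Entry type:/ {
            type = $0; sub(/^Entry type:[ \t]*/, "", type)
            verdict = (type == "PrivateKeyEntry") ? "can-sign" : "cert-only"
            printf "%s\t%s\t%s\n", alias, type, verdict
        }'
}

# Succeeds only if alias $1 is a PrivateKeyEntry in the listing on stdin.
# Appending "" forces a string comparison, so "0321" never matches "321".
alias_can_sign() {
    classify_entries | awk -F '\t' -v a="$1" '
        ($1 "") == (a "") && $3 == "can-sign" { ok = 1 }
        END { exit !ok }'
}

# Live use (not run here):
#   keytool -list -v -keystore myKeystore.jks | classify_entries
# Constructed sample: the first entry mirrors the listing in the question, the
# second is a hypothetical alias of the kind `keytool -genkeypair` creates.
SAMPLE_LISTING='Keystore type: JKS
Keystore provider: SUN

Your keystore contains 2 entries

Alias name: 321
Creation date: 23-mars-2018
Entry type: trustedCertEntry

Alias name: signer
Creation date: 26-mars-2018
Entry type: PrivateKeyEntry
Certificate chain length: 1
'

printf '%s' "$SAMPLE_LISTING" | classify_entries
```
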
