38

I am trying to discover the list of trusted authorities in my Java Runtime using the instructions in this article. When I typed the command below:

C:\ColdFusion8\runtime\jre\lib>keytool -list -storepass changeit -noprompt -keystore

I got the following error:

'keytool' is not recognized as an internal or external command, operable program or batch file.

I checked that the directory containing my keytool executable is in the path. (On my Windows 7 machine, it's in C:\Program Files (x86)\Java\jre6\bin) Despite this, the command line will not recognise the keytool command.

I'm assuming that there are two separated commands mentioned in the doc:

  1. C:\CFusionMX\runtime\jre\lib>keytool -list -storepass changeit -noprompt -keystore

  2. C:\CFusionMX\runtime\jre\lib\security\cacerts

EDIT:

By the way can I use the following process instead of complex steps mentioned in the answer?

  1. When I opened the WSDL into my browser, I saw the Lock icon, when I clicked on it a "Certificate" window opened

  2. Then I clicked on "Install Certificate" option

  3. A Certificate Import Wizard window opened, I clicked on Next I saw two options

    • a) Automatically select the certificate store based on the type of certificate (this option was selected automatically)
    • b) Place all certificates in the following store

I decided to select option (b), but I'm confused which certificate store I should select here.

Stevoisiak
  • 16,510
  • 19
  • 94
  • 173
Jack
  • 781
  • 3
  • 12
  • 22
  • FYI, when you get that error with an executable, always run a `dir` to verify the path ie `c:/current/path > dir C:\ColdFusion8\runtime\jre\lib\keytool.exe` . (That would have told you the path for keytool.exe was wrong, as Miguel-F pointed out) – Leigh Oct 17 '13 at 18:16
  • Hi Leigh, Do you think that the alternative approach would work that I mentioned above? – Jack Oct 17 '13 at 18:18
  • AFAIK, IE uses its own separate keystore by default, so my instinct is to say "no". But I am honestly not sure. I do not use IE much. It probably depends on whether IE lists/can access the java store you are trying to use. That said, I am not sure what is so complex about adding a cert via the command line :) Just use the right path for the .exe and you are in business. – Leigh Oct 17 '13 at 20:24

7 Answers7

41

  1. Add your JDK's /bin folder to the PATH environmental variable. You can do this under System settings > Environmental variables, or via CLI:

    set PATH=%PATH%;C:\Program Files\Java\jdk1.7.0_80\bin

  2. Close and reopen your CLI window

Leigh
  • 28,424
  • 10
  • 49
  • 96
martoncsukas
  • 1,717
  • 17
  • 21
  • 1
    Hm, mine doesn't stay after closing/opening cmd window – pete May 25 '17 at 06:28
  • 1
    I remember this saved my life :D I have problems again and this helps again, I did not find any other solution that helps me. Thank you very much for sharing this. @pete Make sure you add correct jdk version, for me it's C:\Program Files\Java\jdk1.8.0_73\bin – User 987 Jun 07 '17 at 16:33
  • Will the keytool import certificates for both the JRE and the JDK, or will the keytool need to be run separately for both? – Stevoisiak Oct 27 '17 at 14:54
  • thank you. Next step is `openssl' is not recognized as an internal ...` – Someone Somewhere Oct 16 '18 at 07:25
  • It is not working. I am using latest jdk .ANdroid studio has pre-installed jre that is why I am not using any JRE separately. i only have jdk for AS. – raman raman Nov 13 '19 at 04:45
28

You are getting that error because the keytool executable is under the bin directory, not the lib directory in your example. And you will need to add the location of your keystore as well in the command line. There is a pretty good reference to all of this here - Jrun Help / Import certificates | Certificate stores | ColdFusion

The default truststore is the JRE's cacerts file. This file is typically located in the following places:

  • Server Configuration:

    cf_root/runtime/jre/lib/security/cacerts

  • Multiserver/J2EE on JRun 4 Configuration:

    jrun_root/jre/lib/security/cacerts

  • Sun JDK installation:

    jdk_root/jre/lib/security/cacerts

  • Consult documentation for other J2EE application servers and JVMs

The keytool is part of the Java SDK and can be found in the following places:

  • Server Configuration:

    cf_root/runtime/bin/keytool

  • Multiserver/J2EE on JRun 4 Configuration:

    jrun_root/jre/bin/keytool

  • Sun JDK installation:

    jdk_root/bin/keytool

  • Consult documentation for other J2EE application servers and JVMs

So if you navigate to the directory where the keytool executable is located your command line would look something like this:

keytool -list -v -keystore JAVA_HOME\jre\lib\security\cacert -storepass changeit

You will need to supply pathing information depending on where you run the keytool command from and where your certificate file resides.

Also, be sure you are updating the correct cacerts file that ColdFusion is using. In case you have more than one JRE installed on that server. You can verify the JRE ColdFusion is using from the administrator under the 'System Information'. Look for the Java Home line.

Miguel-F
  • 13,042
  • 5
  • 33
  • 55
  • Thanks for your answer. Do you think the alternate option I added in my question would work? If yes, could you answer my question I asked over there? Just trying to avoid all the complex steps mentioned above. – Jack Oct 17 '13 at 18:12
  • Side note, in case it is not obvious "changeit" is just the default password. For security reasons, it should be changed .. to something more secure. – Leigh Oct 17 '13 at 20:34
  • @nitantkumar - No, IE uses it's own keystore not the same as the java keystore. You can export the certificate from IE, and save it in the DER format. Then you take that file and import it (using the keytool) into the Java keystore. It is not really that complicated. – Miguel-F Oct 17 '13 at 20:46
  • @Miguel-F Do you know where can I find the Automatically saved certificate saved by IE? – Jack Oct 18 '13 at 07:28
  • @nitantkumar - I will leave this answer as it answers your original question posted here. Why you received the error and how to retrieve a list of currently installed certificates. Now you are asking another question regarding how to install the certificate. Accept this answer if it worked for you and then ask a new question regarding the installation process. This makes it less confusing for people who may find this thread later. **Never mind on opening a new question, I found your other question and will answer there http://stackoverflow.com/q/19412530/1636917** – Miguel-F Oct 18 '13 at 12:13
  • i am using latest version of JDK and android studio. I can not find jre in the jdk-13 folder. – raman raman Nov 13 '19 at 04:44
  • 1
    @ramanraman That has changed since version 11 (I believe). [See this answer for details.](https://stackoverflow.com/a/53112096/1636917) – Miguel-F Nov 13 '19 at 12:56
9

Run the CMD as run as administrator this worked for me

MendelG
  • 4,464
  • 1
  • 5
  • 22
Saurabh Chaturvedi
  • 139
  • 1
  • 5
  • Tried the answers above about setting env path to different locations of where keytool can be found and none of that worked. Oddly, it just worked after running it as administrator. Running Win10 x64 – ZeferiniX Jun 20 '18 at 12:34
  • Same. Even after adding to path it didn't work but running the same command in Administrator Command Prompt worked. – gegobyte Aug 22 '20 at 18:02
2

Execute following command:

set PATH="C:\Program Files (x86)\Java\jre7"

(whichever JRE exists in case of 64bit).

Because your Java Path is not set so you can just do this at command line and then execute the keytool import command.

User_1191
  • 955
  • 1
  • 7
  • 22
Mitz K
  • 21
  • 1
1

I finally solved the problem!!! You should first set the jre path to system variables by navigating to::

control panel > System and Security > System > Advanced system settings

Under System variables click on new

Variable name: KEY_PATH
Variable value: C:\Program Files (x86)\Java\jre1.8.0_171\bin

Where Variable value should be the path to your JDK's bin folder.

Then open command prompt and Change directory to the same JDK's bin folder like this

C:\Program Files (x86)\Java\jre1.8.0_171\bin

then paste,

keytool -list -v -keystore "C:\Users\user\.android\debug.keystore" -alias androiddebugkey -storepass android -keypass android

NOTE: People are confusing jre and jdk. All I did applied strictly to jre

Jude
  • 386
  • 1
  • 3
  • 9
  • 1
    Glad you solved your problem. FYI, the original question was about using keytool with *ColdFusion's custom java install* - not Android. For anyone using CF, the above method won't work (different paths, default passwords, etc..). See the accepted answer https://stackoverflow.com/a/19432015/8895292 – SOS Sep 27 '19 at 13:50
1

A simple solution of error is that you first need to change the folder directory in command prompt. By default in command prompt or in terminal(Inside Android studio in the bottom)tab the path is set to C:\Users#Name of your PC that you selected\AndroidStudioProjects#app name\flutter_app> Change accordingly:- C:\Users#Name of your PC that you selected\AndroidStudioProjects#app name\flutter_app>cd\

type **cd** (#after flutter_app>), type only cd\ not comma's

then type cd Program Files\Java\jre1.8.0_251\bin (#remember to check the file name of jre properly)

now type keytool -list -v -keystore "%USERPROFILE%.android\debug.keystore" -alias androiddebugkey -storepass android -keypass android (without anyspace type the command).

screenshot of the codes to run

Sourabh Biswas
  • 21
  • 1
0

Make sure JAVA_HOME is set and the path in environment variables. The PATH should be able to find the keytools.exe

Open “Windows search” and search for "Environment Variables"

Under “System variables” click the “New…” button and enter JAVA_HOME as “Variable name” and the path to your Java JDK directory under “Variable value” it should be similar to this C:\Program Files\Java\jre1.8.0_231

Majali
  • 362
  • 3
  • 8