W

9

52

I am trying to discover the list of trusted authorities in my Java Runtime using the instructions in this article. When I typed the command below:

C:\ColdFusion8\runtime\jre\lib>keytool -list -storepass changeit -noprompt -keystore

I got the following error:

'keytool' is not recognized as an internal or external command, operable program or batch file.

I checked that the directory containing my keytool executable is in the path. (On my Windows 7 machine, it's in C:\Program Files (x86)\Java\jre6\bin) Despite this, the command line will not recognise the keytool command.

I'm assuming that there are two separated commands mentioned in the doc:

C:\CFusionMX\runtime\jre\lib>keytool -list -storepass changeit -noprompt -keystore
C:\CFusionMX\runtime\jre\lib\security\cacerts

EDIT:

By the way can I use the following process instead of complex steps mentioned in the answer?

When I opened the WSDL into my browser, I saw the Lock icon, when I clicked on it a "Certificate" window opened
Then I clicked on "Install Certificate" option
A Certificate Import Wizard window opened, I clicked on Next I saw two options
- a) Automatically select the certificate store based on the type of certificate (this option was selected automatically)
- b) Place all certificates in the following store

I decided to select option (b), but I'm confused which certificate store I should select here.

Workroom answered 17/10, 2013 at 16:6 Comment(3)

FYI, when you get that error with an executable, always run a dir to verify the path ie c:/current/path > dir C:\ColdFusion8\runtime\jre\lib\keytool.exe . (That would have told you the path for keytool.exe was wrong, as Miguel-F pointed out) – Moreira 17/10, 2013 at 18:16

Hi Leigh, Do you think that the alternative approach would work that I mentioned above? – Workroom 17/10, 2013 at 18:18

AFAIK, IE uses its own separate keystore by default, so my instinct is to say "no". But I am honestly not sure. I do not use IE much. It probably depends on whether IE lists/can access the java store you are trying to use. That said, I am not sure what is so complex about adding a cert via the command line :) Just use the right path for the .exe and you are in business. – Moreira 17/10, 2013 at 20:24

R

29

You are getting that error because the keytool executable is under the bin directory, not the lib directory in your example. And you will need to add the location of your keystore as well in the command line. There is a pretty good reference to all of this here - Jrun Help / Import certificates | Certificate stores | ColdFusion

The default truststore is the JRE's cacerts file. This file is typically located in the following places:

Server Configuration:

cf_root/runtime/jre/lib/security/cacerts

Multiserver/J2EE on JRun 4 Configuration:

jrun_root/jre/lib/security/cacerts

Sun JDK installation:

jdk_root/jre/lib/security/cacerts

Consult documentation for other J2EE application servers and JVMs

The keytool is part of the Java SDK and can be found in the following places:

Server Configuration:

cf_root/runtime/bin/keytool

Multiserver/J2EE on JRun 4 Configuration:

jrun_root/jre/bin/keytool

Sun JDK installation:

jdk_root/bin/keytool

Consult documentation for other J2EE application servers and JVMs

So if you navigate to the directory where the keytool executable is located your command line would look something like this:

keytool -list -v -keystore JAVA_HOME\jre\lib\security\cacert -storepass changeit

You will need to supply pathing information depending on where you run the keytool command from and where your certificate file resides.

Also, be sure you are updating the correct cacerts file that ColdFusion is using. In case you have more than one JRE installed on that server. You can verify the JRE ColdFusion is using from the administrator under the 'System Information'. Look for the Java Home line.

Reorder answered 17/10, 2013 at 16:18 Comment(7)

Thanks for your answer. Do you think the alternate option I added in my question would work? If yes, could you answer my question I asked over there? Just trying to avoid all the complex steps mentioned above. – Workroom 17/10, 2013 at 18:12

Side note, in case it is not obvious "changeit" is just the default password. For security reasons, it should be changed .. to something more secure. – Moreira 17/10, 2013 at 20:34

@nitantkumar - No, IE uses it's own keystore not the same as the java keystore. You can export the certificate from IE, and save it in the DER format. Then you take that file and import it (using the keytool) into the Java keystore. It is not really that complicated. – Reorder 17/10, 2013 at 20:46

@Reorder Do you know where can I find the Automatically saved certificate saved by IE? – Workroom 18/10, 2013 at 7:28

@nitantkumar - I will leave this answer as it answers your original question posted here. Why you received the error and how to retrieve a list of currently installed certificates. Now you are asking another question regarding how to install the certificate. Accept this answer if it worked for you and then ask a new question regarding the installation process. This makes it less confusing for people who may find this thread later. Never mind on opening a new question, I found your other question and will answer there https://mcmap.net/q/353977/-getting-unable-to-read-wsdl-error/1636917 – Reorder 18/10, 2013 at 12:13

i am using latest version of JDK and android studio. I can not find jre in the jdk-13 folder. – Enthrall 13/11, 2019 at 4:44

@ramanraman That has changed since version 11 (I believe). See this answer for details. – Reorder 13/11, 2019 at 12:56

M

59

Add your JDK's /bin folder to the PATH environmental variable. You can do this under System settings > Environmental variables, or via CLI:
```
set PATH=%PATH%;C:\Program Files\Java\jdk1.7.0_80\bin
```
Close and reopen your CLI window

Monosyllabic answered 17/10, 2016 at 13:26 Comment(5)

Hm, mine doesn't stay after closing/opening cmd window – Horseradish 25/5, 2017 at 6:28

I remember this saved my life :D I have problems again and this helps again, I did not find any other solution that helps me. Thank you very much for sharing this. @Horseradish Make sure you add correct jdk version, for me it's C:\Program Files\Java\jdk1.8.0_73\bin – Harlanharland 7/6, 2017 at 16:33

Will the keytool import certificates for both the JRE and the JDK, or will the keytool need to be run separately for both? – Ounce 27/10, 2017 at 14:54

thank you. Next step is openssl' is not recognized as an internal ... – Pointsman 16/10, 2018 at 7:25

It is not working. I am using latest jdk .ANdroid studio has pre-installed jre that is why I am not using any JRE separately. i only have jdk for AS. – Enthrall 13/11, 2019 at 4:45

R

29

You are getting that error because the keytool executable is under the bin directory, not the lib directory in your example. And you will need to add the location of your keystore as well in the command line. There is a pretty good reference to all of this here - Jrun Help / Import certificates | Certificate stores | ColdFusion

The default truststore is the JRE's cacerts file. This file is typically located in the following places:

Server Configuration:

cf_root/runtime/jre/lib/security/cacerts

Multiserver/J2EE on JRun 4 Configuration:

jrun_root/jre/lib/security/cacerts

Sun JDK installation:

jdk_root/jre/lib/security/cacerts

Consult documentation for other J2EE application servers and JVMs

The keytool is part of the Java SDK and can be found in the following places:

Server Configuration:

cf_root/runtime/bin/keytool

Multiserver/J2EE on JRun 4 Configuration:

jrun_root/jre/bin/keytool

Sun JDK installation:

jdk_root/bin/keytool

Consult documentation for other J2EE application servers and JVMs

So if you navigate to the directory where the keytool executable is located your command line would look something like this:

keytool -list -v -keystore JAVA_HOME\jre\lib\security\cacert -storepass changeit

You will need to supply pathing information depending on where you run the keytool command from and where your certificate file resides.

Also, be sure you are updating the correct cacerts file that ColdFusion is using. In case you have more than one JRE installed on that server. You can verify the JRE ColdFusion is using from the administrator under the 'System Information'. Look for the Java Home line.

Reorder answered 17/10, 2013 at 16:18 Comment(7)

Thanks for your answer. Do you think the alternate option I added in my question would work? If yes, could you answer my question I asked over there? Just trying to avoid all the complex steps mentioned above. – Workroom 17/10, 2013 at 18:12

Side note, in case it is not obvious "changeit" is just the default password. For security reasons, it should be changed .. to something more secure. – Moreira 17/10, 2013 at 20:34

@nitantkumar - No, IE uses it's own keystore not the same as the java keystore. You can export the certificate from IE, and save it in the DER format. Then you take that file and import it (using the keytool) into the Java keystore. It is not really that complicated. – Reorder 17/10, 2013 at 20:46

@Reorder Do you know where can I find the Automatically saved certificate saved by IE? – Workroom 18/10, 2013 at 7:28

@nitantkumar - I will leave this answer as it answers your original question posted here. Why you received the error and how to retrieve a list of currently installed certificates. Now you are asking another question regarding how to install the certificate. Accept this answer if it worked for you and then ask a new question regarding the installation process. This makes it less confusing for people who may find this thread later. Never mind on opening a new question, I found your other question and will answer there https://mcmap.net/q/353977/-getting-unable-to-read-wsdl-error/1636917 – Reorder 18/10, 2013 at 12:13

i am using latest version of JDK and android studio. I can not find jre in the jdk-13 folder. – Enthrall 13/11, 2019 at 4:44

@ramanraman That has changed since version 11 (I believe). See this answer for details. – Reorder 13/11, 2019 at 12:56

H

12

Run the CMD as run as administrator this worked for me

Hecker answered 17/10, 2014 at 7:7 Comment(1)

Tried the answers above about setting env path to different locations of where keytool can be found and none of that worked. Oddly, it just worked after running it as administrator. Running Win10 x64 – Ripuarian 20/6, 2018 at 12:34

H

4

I finally solved the problem!!! You should first set the jre path to system variables by navigating to::

control panel > System and Security > System > Advanced system settings

Under System variables click on new

Variable name: KEY_PATH
Variable value: C:\Program Files (x86)\Java\jre1.8.0_171\bin

Where Variable value should be the path to your JDK's bin folder.

Then open command prompt and Change directory to the same JDK's bin folder like this

C:\Program Files (x86)\Java\jre1.8.0_171\bin

then paste,

keytool -list -v -keystore "C:\Users\user\.android\debug.keystore" -alias androiddebugkey -storepass android -keypass android

NOTE: People are confusing jre and jdk. All I did applied strictly to jre

Harter answered 27/9, 2019 at 6:15 Comment(1)

Glad you solved your problem. FYI, the original question was about using keytool with ColdFusion's custom java install - not Android. For anyone using CF, the above method won't work (different paths, default passwords, etc..). See the accepted answer https://mcmap.net/q/343012/-keytool-is-not-recognized-as-an-internal-or-external-command – Womanizer 27/9, 2019 at 13:50

S

3

Execute following command:

set PATH="C:\Program Files (x86)\Java\jre7"

(whichever JRE exists in case of 64bit).

Because your Java Path is not set so you can just do this at command line and then execute the keytool import command.

Salangia answered 1/6, 2016 at 18:29 Comment(0)

N

1

A simple solution of error is that you first need to change the folder directory in command prompt. By default in command prompt or in terminal(Inside Android studio in the bottom)tab the path is set to C:\Users#Name of your PC that you selected\AndroidStudioProjects#app name\flutter_app> Change accordingly:- C:\Users#Name of your PC that you selected\AndroidStudioProjects#app name\flutter_app>cd\

type cd (#after flutter_app>), type only cd\ not comma's

then type cd Program Files\Java\jre1.8.0_251\bin (#remember to check the file name of jre properly)

now type keytool -list -v -keystore "%USERPROFILE%.android\debug.keystore" -alias androiddebugkey -storepass android -keypass android (without anyspace type the command).

screenshot of the codes to run

Nozzle answered 3/5, 2020 at 20:14 Comment(1)

Please format your answer properly and add the image inline. – Delamare 4/5, 2020 at 0:23

A

0

Make sure JAVA_HOME is set and the path in environment variables. The PATH should be able to find the keytools.exe

Open “Windows search” and search for "Environment Variables"

Under “System variables” click the “New…” button and enter JAVA_HOME as “Variable name” and the path to your Java JDK directory under “Variable value” it should be similar to this C:\Program Files\Java\jre1.8.0_231

Actually answered 5/1, 2020 at 6:16 Comment(0)

B

0

I tried all the solutions above and didn't work. here's what I did, first I defined all the right paths in Path windows; didn't work. instead I defined them in Android terminal like this : first open up a local terminal and go to the setting like this :

after that click on environment variable in the setting like this :

and set the actual variable there like this :

after that click all the OK buttons and type keytool in the terminal. should do fine.

Barbican answered 2/8, 2022 at 12:31 Comment(0)

H

0

If none of the above solutions worked for you, first you need to download JDK from this Link. After installing it, if you are a windows user you need to set its path to Environment variables. like so:

Search for Environment variables in start menu or open it by right clicking on

This PC -> Properties -> Environment variables

After system properties window came up, open Environment variables
There are 2 boxes, in the bottom one, double click on path
Then in new window, click on New
Now replace the path to bin folder of JDK you just installed. (the default path is: C:\Program Files\Java\jdk-17\bin)

PS: to test if your good to go or not, open terminal and type keytool. You shouldn't be seeing the error any more.

Hyperaemia answered 23/2 at 16:59 Comment(0)

type cd (#after flutter_app>), type only cd\ not comma's

then type cd Program Files\Java\jre1.8.0_251\bin (#remember to check the file name of jre properly)

now type keytool -list -v -keystore "%USERPROFILE%.android\debug.keystore" -alias androiddebugkey -storepass android -keypass android (without anyspace type the command).

Recommended topics

Hot tags

type **cd** (#after flutter_app>), type only cd\ not comma's

then type cd Program Files\Java\jre1.8.0_251\bin (#remember to check the file name of jre properly)

now type keytool -list -v -keystore "%USERPROFILE%.android\debug.keystore" -alias androiddebugkey -storepass android -keypass android (without anyspace type the command).

Recommended topics

Hot tags

type cd (#after flutter_app>), type only cd\ not comma's