Never used the Keytool but I have deleted the Default keyring and recreated on a local PC to fix the corrupted .sth file.

You will have to re-import all of your local CA for all of your iSeries. But you have only one and it is expired, no difference.

Chris Bipes
Director of Information Services
CrossCheck, Inc.

-----Original Message-----
From: midrange-l-bounces@xxxxxxxxxxxx [mailto:midrange-l-bounces@xxxxxxxxxxxx] On Behalf Of Peter Connell
Sent: Monday, January 27, 2014 3:08 PM
To: MIDRANGE-L@xxxxxxxxxxxx
Subject: keytool on DEFAULT.KDB

I have a problem in that I can't change the password for the local CA on a test machine where the CA cert expired 5 ago.
It may be that the store was somehow created without a password. I'm not sure how to get around this.

Anyway I've tried to use keytool to show that I can list the CA store on another machine that's OK but that throws an error.

keytool -list -keystore /QIBM/USERDATA/ICSS/CERT/CERTAUTH/DEFAULT.KDB -storetype PKCS12

After being challenged for the password I get
keytool error: PFX parsing error, not a SEQUENCE.

Anybody ever listed the store using keytool?

This thread ...


Return to Archive home page | Return to MIDRANGE.COM home page