Error generate certificate ssl with keystool

Posted on

Good afternoon, I have a query, I am trying to generate a self-signed ssl certificate on my RHEL 8 server with the following command:

keytool -keystore "/home/oracle/java/jdk1.8.0_162/jre/lib/security/cacerts" -import -alias ms-dev -file /home/osbext/domains/osbdom12cR2/resources/ms-dev.crt -storepass change

Error:

[osbext@tvdesosbe01 resources]$ keytool -keystore "/home/oracle/java/jdk1.8.0_162/jre/lib/security/cacerts" -import -alias ms-dev -file /home/osbext/domains/osbdom12cR2/resources/ms-dev.crt -storepass changeit
Owner: EMAILADDRESS=cesar.justo@telefonica.com, CN=Middleware-Telefonica Venezolana, OU=TI, O=Telefonica Venezolana, L=Caracas, ST=Caracas, C=VE
Issuer: EMAILADDRESS=cesar.justo@telefonica.com, CN=Middleware-Telefonica Venezolana, OU=TI, O=Telefonica Venezolana, L=Caracas, ST=Caracas, C=VE
Serial number: 41b38280bab81476525478407b744d6395f95b03
Valid from: Mon Jul 20 14:14:47 VET 2020 until: Fri Jun 02 14:14:47 VET 2220
Certificate fingerprints:
MD5: F4:DC:6B:73:5F:BA:0C:1A:44:AE:49:03:AB:E3:0E:A6
SHA1: D1:DB:E5:E8:6F:14:DF:54:3D:9F:C9:D9:8F:83:BA:2D:07:16:0F:F2
SHA256: 6E:E5:D7:C9:8A:A1:D0:3B:1C:BD:CE:1E:0F:73:96:DE:20:D7:65:16:57:9B:8D:55:A8:2B:13:02:16:1C:45:E3
Signature algorithm name: SHA256withRSA
Subject Public Key Algorithm: 2048-bit RSA key
Version: 1
Trust this certificate? [no]: yes
Certificate was added to keystore
keytool error: java.io.FileNotFoundException: /home/oracle/java/jdk1.8.0_162/jre/lib/security/cacerts (Permission denied)

On the other hand I am seeing the group and user that can make use of the cacerts file (which I need to use to generate the certificate) and it has read and execute permission for the users of the oinstall group, the group in which my user osbext is located.

[osbext@tvdesosbe01 resources]$ ls -l /home/oracle/java/jdk1.8.0_162/jre/lib/security
total 212
-rwxr-xr-x. 1 oracle oinstall 4054 Jan 23 2018 blacklist
-rwxr-xr-x. 1 oracle oinstall 1273 Jan 23 2018 blacklisted.certs
-rwxr-xr-x. 1 oracle oinstall 113367 Jan 23 2018 cacerts
-rwxr-xr-x. 1 oracle oinstall 2466 Jan 23 2018 java.policy
-rwxr-xr-x. 1 oracle oinstall 40593 Mar 19 2018 java.security
-rwxr-xr-x. 1 oracle oinstall 40554 Jan 23 2018 java.security.19Mar2018
-rwxr-xr-x. 1 oracle oinstall 98 Jan 23 2018 javaws.policy
drwxr-xr-x. 4 oracle oinstall 4096 Jan 23 2018 policy
-rwxr-xr-x. 1 oracle oinstall 0 Jan 23 2018 trusted.libraries

[osbext@tvdesosbe01 resources]$ groups
oinstall

I don't have sudo permission, but do I necessarily need root permissions to execute this command?

CJ

Responses