Common Java KeyTool Commands

Java Keytool Commands for Creating and Importing

The commands below allow you to generate a new Java Keytool keystore file, create a CSR, and import certificates. Any root or intermediate certificates will need to be imported before importing the primary certificate for your domain.

  • Generate a Java keystore and key pair
    keytool -genkey -alias mydomain -keyalg RSA -keystore keystore.jks -keysize 2048
  • Generate a certificate signing request (CSR) for an existing Java keystore
    keytool -certreq -alias mydomain -keystore keystore.jks -file mydomain.csr
  • Import a root or intermediate CA certificate to an existing Java keystore
    keytool -import -trustcacerts -alias root -file Thawte.crt -keystore keystore.jks
  • Import a signed primary certificate to an existing Java keystore
    keytool -import -trustcacerts -alias mydomain -file mydomain.crt -keystore keystore.jks
  • Generate a keystore and self-signed certificate
    keytool -genkey -keyalg RSA -alias selfsigned -keystore keystore.jks -storepass password -validity 360 -keysize 2048

Java Keytool Commands for Checking

Use these commands to check the information within a certificate or Java keystore.

  • Check a stand-alone certificate
    keytool -printcert -v -file mydomain.crt
  • Check which certificates are in a Java keystore
    keytool -list -v -keystore keystore.jks
  • Check a particular keystore entry using an alias
    keytool -list -v -keystore keystore.jks -alias mydomain

Other Java Keytool Commands

  • Delete a certificate from a Java Keytool keystore
    keytool -delete -alias mydomain -keystore keystore.jks
  • Change a Java keystore password
    keytool -storepasswd -new new_storepass -keystore keystore.jks
  • Export a certificate from a keystore
    keytool -export -alias mydomain -file mydomain.crt -keystore keystore.jks
  • List Trusted CA Certs
    keytool -list -v -keystore $JAVA_HOME/jre/lib/security/cacerts
  • Import New CA into Trusted Certs
    keytool -import -trustcacerts -file /path/to/ca/ca.pem -alias CA_ALIAS -keystore $JAVA_HOME/jre/lib/security/cacerts

VBScript To Insert Values Into UBE Data Selection List Of Values

First off… Shannon Moir ROCKS!

He has put together a VBScript that will insert a list of values into the UBE Data Selection List of Values text area on a fat client. If you do much data migration or data refresh work this script will really help.

EnterpriseOne IBM iSeries (AS400) Power Outage Fix


WHAT!?! That’s not supposed to happen.

Don’t I know it. Don’t ask.

After this unfortunate incident, EnterpirseOne came back up great. Nothing in the logs indicating an issue and no issues reported by users.

That is until several users logged in and the system came to a screeching halt. Grids wouldn’t populate. UBE jobs stayed in a “Waiting” status. And eventually, the following error was found in the enterprise server logs:

IPC2100017 – createIPCMsgq (name Net32Q) failed, errno=3457: File exists..

It was a very frustrating day, but thankfully we were able to resolve it using Oracle Support Doc 659250.1 :


Invalid files exist in system library.

UBEs on the iSeries process in USRQs (User Queues).  When the UBE is done processing, the USRQ should be deleted by EnterpriseOne. On occasion, USRQs do not get deleted, leaving orphaned USRQs in the system.  If another UBE is submitted to the server, it may try to use the orphaned USRQ causing the error message above.  To resolve this issue, the orphaned USRQ(s) need to be deleted.


Steps to delete a USRQ:

  1. ENDNET to end oneworld services using AS400 user profile ONEWORLD
  3. Issue command:  WRKOBJ E910SYS/Q0000*  —  where E910SYS is your E1 system library name
  4. If the object type is *USRQ you can delete these orphaned user queues.
  5. STRNET to start JDE services
  6. Start HTML server


Restore SQL Server Database On A Schedule

Keep Calm and AutomateOne of our companies has a training environment in addition to the standard PS,DV, PY & PD environments. They have been working very hard refining their Procure-To-Process (P2P). Now that they know how they would like to handle this process, they need to train the users. That’s where the P2P Training (PTR) environment comes in.

We setup the environment and have had everything running smoothly for the last few months. However, last week we received a request to backup the data in that environment and then restore that backup copy every morning for the next 2 weeks.

It’s a really simple process, but kind of a pain that I had to manually do the restore.

Well, if you’ve been reading this blog for very long, you know that I can’t stand doing things more than once. A trained monkey, I am not. If it can be automated, I do it and it usually makes sense to do so. This was definitely one of those times.

What I ended up doing was making 2 files:

  1. A bat file to call the sql file
  2. The sql file

Then, I just added a scheduled task that fired off the bat file every morning.

Note: When creating the scheduled task, you will need to fill in a value for the “Start in” option. I’m not sure why but it only works if you fill that in. I was using Windows Server 2008 R2 so your mileage may vary.

Scheduled Task Start In Option

EnterpriseOne Business Services (BSSV) Error: Security Token Failed To Validate

Every once in a while we get the following error on a system that interacts with EnterpriseOne using business services (BSSV).

Security token failed to validate. weblogic.xml.crypto.wss.SecurityTokenValidateResult@2eba8ea[status: false][msg UNT Error:Message Created time past the current time even accounting for set clock skew]

Fortunately, until today, this error was always received when using our test environment and we couldn’t get it to be consistent so it went unresolved. Well, today was the day it hit production. So, after a little research I was able to find the solution:

  1. Login to the Weblogic Serve Administration Console
  2. Click Environment
  3. Click Servers
  4. Click the server you want to work with
  5. Click the [Configuration] tab
  6. Click the [Server Start] tab
  7. Add the following to the Arguments textarea:

Oracle Weblogic Clock Skew

How To Move SQL Server Data and Transaction Log Files

I’ve been migrating data from an IBM AS/400 to a SQL Server a lot lately. Within the next year or so we should have completed migrating 3 more instances. Then, we will have all 7 instances on SQL Server.

In preparing for the final data migration of one of the instances, I had to move the data and transaction log files. I found a great article for this on MSSQLTips.

Below are the basic steps.

  1. Use the following commands to get the names and location of the data and transaction log files
  2. Set the database to single user mode and detach it

  3. Move the files to their new location
  4. Re-attach the database with the files at their new location

Recover Lost Disk Space

We currently share development clients and so there can be many people that use each one. Several times some of those clients have filled their C: drives and I have been unable to find where it went. I checked user desktops, downloads, etc. However, I was unable to find anything.

Then, I ran across a simple command that can empty the recycle bins of every user on the PC and help you recover your lost disk space:

Hopefully, writing this little tip here will help me remember and maybe help someone else that has lost disk space and doesn’t know where it went.

EnterpriseOne UBE Runtime Performance Audit

Yesterday, I saw a post by Shannon Moir called “Nice UBE / Batch Performance Summary“. It was great! It provided some the information needed to really evaluate the runtimes of your UBEs.

Shannon is a wiz at SQL on an Oracle database. Unfortunately for me, we don’t use Oracle databases. So, I converted Shannon’s SQL so that I can use it on SQL Server.

Thanks again, Shannon!

How To Include Third Party Or Custom JAR files In BSSV

The other day our developer, Jeff, was working on an issue and decided that it would be great if he could use a third party JAR file in a Business Services Service (BSSV) to run some CL programs on a legacy JDE World system. I had no idea how to set that up but told him I would look into it.

technologyThe first thing we had to do is get the JARs into JDeveloper so he could develop the service.  My coworker, Jolene, did a quick Google search and found this post: Adding Java Libraries to Oracle JDeveloper 11g R1

Then, we had to make it so that our BSSV build would be successful. I found this article on Oracle Support: How to Include Third Party or Custom Jar files to a BSSV

The steps to get this to work on Weblogic with TR > 9.1.4.x:

  1. Copy the custom/third party jar file(s) to the E1 System/classes directory on the Deployment Server
  2. Open the sbffoundation.ini file in the System/classes directory on the Deployment Server. Under the [Foundation] section add the third party jar(s) after the list of E1 foundation jar files, for example:

  3. Then, run a BSSV build and deploy it.

That’s it! This was a lot easier than I thought it was going to be.  You get to say that too often when working with JDE. 😉

Have you done this before? What did you use it for?