Jack Jack - 10 months ago 106
Java Question

keytool is not recognized as an internal /external command

I know this question has been discussed in the past but still I would like to clarify few things:

I'm trying to discover the list of trusted authorities in my Java Runtime using the instructions in this article. When I typed the command below:

C:\ColdFusion8\runtime\jre\lib>keytool -list -storepass changeit -noprompt -keystore

I got the following error:

'keytool' is not recognized as an internal or external command,
operable program or batch file.

I also checked that the directory the keytool executable is in, the path.
(For example, on my Windows 7 machine, it's in
C:\Program Files (x86)\Java\jre6\bin
. However, I am still wondering whats wrong. By the way I'm assuming that there are two
separated commands mentioned in the doc:

  1. C:\CFusionMX\runtime\jre\lib>keytool -list -storepass changeit -noprompt -keystore

  2. C:\CFusionMX\runtime\jre\lib\security\cacerts


By the way can I use the following process instead of complex steps mentioned in the answer?

  1. When I opened the WSDL into my browser, I saw the Lock icon, when I clicked on it
    a "Certificate" window opened

  2. Then I clicked on "Install Certificate" option

  3. A Certificate Import Wizard window opened, I clicked on Next I saw two options

    • a) Automatically select the certificate store based on the type of certificate(this
      option was selected automatically)

    • b) Place all certificates in the following store

I decided to selected option
but I'm confused which certificate store
I should select here. Any ideas?

Answer Source

You are getting that error because the keytool executable is under the bin directory, not the lib directory in your example. And you will need to add the location of your keystore as well in the command line. There is a pretty good reference to all of this here - Jrun Help / Import certificates | Certificate stores | ColdFusion

The default truststore is the JRE's cacerts file. This file is typically located in the following places:

  • Server Configuration:


  • Multiserver/J2EE on JRun 4 Configuration:


  • Sun JDK installation:


  • Consult documentation for other J2EE application servers and JVMs

The keytool is part of the Java SDK and can be found in the following places:

  • Server Configuration:


  • Multiserver/J2EE on JRun 4 Configuration:


  • Sun JDK installation:


  • Consult documentation for other J2EE application servers and JVMs

So if you navigate to the directory where the keytool executable is located your command line would look something like this:

keytool -list -v -keystore JAVA_HOME\jre\lib\security\cacert -storepass changeit

You will need to supply pathing information depending on where you run the keytool command from and where your certificate file resides.

Also, be sure you are updating the correct cacerts file that ColdFusion is using. In case you have more than one JRE installed on that server. You can verify the JRE ColdFusion is using from the administrator under the 'System Information'. Look for the Java Home line.