Can't help you with 1. 2. Convert a key and certificate generated using OpenSSL into a format usable by JSSE/keytool:
o export your private key and certificate to a PEM format.
If you use openSSL to generate them, they are probably in PEM format
o Convert them to pkcs12 format with this command:
openssl pkcs12 -export -in yourPEMfileGoesHere.pem -out
yourKeystoreFilenameGoesHere
You now have a readable keystore ... but it is in pkcs12 format. I
wanted mine in JKS format. But first reassure yourself you have a
valid keystore by doing:
keytool -list -keystore yourKeystoreFilenameGoesHere -storetype PKCS12
to convert to JKS format, I compiled and ran the attached
java program:
java keymove yourKeystoreFilenameGoesHere pkcs12 theFinalKeystoreFilename
jks
The only gotcha with keymove is that the destination keystore *MUST* exist
beforehand.
I'm only documenting what worked for me; it does seem there must be a
quicker/simpler method.
Let me know if you run into any snags.
Ken.
--
Ken Kress [EMAIL PROTECTED]
SAS, The Bank of New York 484.605.4834
"Milind Gadre" <[EMAIL PROTECTED]>
08/11/2003 12:05 PM
Please respond to axis-user
To: <[EMAIL PROTECTED]>
cc: <[EMAIL PROTECTED]>
Subject: Re: WSOverSSL
Ken (or anyone else), would you have any ideas on how I can
1. Use JSSE/keytool to generate a key and certificate for use by
the Apache Web Server running OpenSSL??
OR
2. Convert a key and certificate generated using OpenSSL into a
format usable by JSSE/keytool?
This would allow me to run a Axis client against a Apache+Tomcat+Axis
server. Thanks in advance.
----- Original Message -----
From: <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Monday, August 11, 2003 8:52 AM
Subject: RE: WSOverSSL
> Sanjesh,
>
> It may take me a while (2-3 days) to integrate the two sets of
> instructions. If you have a specific question, I'd
> be happy to address it if I can.
>
> Ken.
>
> --
> Ken Kress [EMAIL PROTECTED]
> SAS, The Bank of New York 484.605.4834
>
>
>
>
> "Pathak, Sanjesh" <[EMAIL PROTECTED]>
> 08/06/2003 12:19 PM
> Please respond to axis-user
>
>
> To: <[EMAIL PROTECTED]>
> cc:
> Subject: RE: WSOverSSL
>
>
> Ken,
>
> In the meantine can you please send it to the user list.
>
> Thanks,
> Sanjesh
>
> -----Original Message-----
> From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]
> Sent: Wednesday, August 06, 2003 8:55 AM
> To: [EMAIL PROTECTED]; [EMAIL PROTECTED]
> Subject: WSOverSSL
>
>
> The SOAP write up:
>
> http://ws.apache.org/soap/docs/install/FAQ_Tomcat_SOAP_SSL.html
>
> and Pakaj Kumar's page:
>
> http://www.pankaj-k.net/WSOverSSL/WSOverSSL-HOWTO.html
>
> were both very helpful when I was trying to connect an Axis
> client to a remote (Websphere) server over SSL.
>
> Thank you.
>
> I did run into some problems not covered by the articles and
> was wondering whether you would consider some additions
> to your documents.
>
> Specifically, I had difficulty in two areas:
>
> o the client certificate I was trying to install was a Verisign
> certificate stored in the Windows OS. I had to export it as a
> .pfx file and then use openssl to convert it (several steps)
> to a pkcs12 keystore. Finally, I converted that keystore into
> a jks keystore.
> o The client had to set the keystore property as well as the
> truststore property.
>
> Also, because I was using Axis, the client program is slightly
> different.
>
> If you are interested, please let me know where I should send
> my write up and in what format you would prefer it:
>
> o stand-alone document (Word or txt)
> o diffs to your document
> o ???
>
> Thanks,
>
> Ken.
>
> --
> Ken Kress [EMAIL PROTECTED]
> SAS, The Bank of New York 484.605.4834
>
>
_______________________________________________________________________
_
> The information in this e-mail, and any attachment therein, is
> confidential and for use by the addressee only. If you are not the
> intended recipient, please return the e-mail to the sender and delete
it
> from your computer. Although The Bank of New York attempts to sweep
e-mail
> and attachments for viruses, it does not guarantee that either are
> virus-free and accepts no liability for any damage sustained as a
result
> of viruses.
>
>
>
**********************************************************************
> This e-mail is the property of Enron Corp. and/or its relevant
affiliate
> and may contain confidential and privileged material for the sole use
of
> the intended recipient (s). Any review, use, distribution or
disclosure by
> others is strictly prohibited. If you are not the intended recipient
(or
> authorized to receive for the recipient), please contact the sender
or
> reply to Enron Corp. at [EMAIL PROTECTED] and
> delete all copies of the message. This e-mail (and any attachments
hereto)
> are not intended to be an offer (or an acceptance) and do not create
or
> evidence a binding and enforceable contract between Enron Corp. (or
any of
> its affiliates) and the intended recipient or any other party, and
may not
> be relied on by anyone as the basis of a contract by estoppel or
> otherwise. Thank you.
>
**********************************************************************
>
>
>
>
>
>
_______________________________________________________________________
_
> The information in this e-mail, and any attachment therein, is
confidential and for use by the addressee only. If you are not the
intended recipient, please return the e-mail to the sender and delete
it from your computer. Although The Bank of New York attempts to sweep
e-mail and attachments for viruses, it does not guarantee that either
are virus-free and accepts no liability for any damage sustained as a
result of viruses.
>
________________________________________________________________________
The information in this e-mail, and any attachment therein, is confidential and for
use by the addressee only. If you are not the intended recipient, please return the
e-mail to the sender and delete it from your computer. Although The Bank of New York
attempts to sweep e-mail and attachments for viruses, it does not guarantee that
either are virus-free and accepts no liability for any damage sustained as a result of
viruses.
keymove.java
Description: Binary data
