Can't help you with 1. 2. Convert a key and certificate generated using OpenSSL into a format usable by JSSE/keytool:
o export your private key and certificate to a PEM format. If you use openSSL to generate them, they are probably in PEM format o Convert them to pkcs12 format with this command: openssl pkcs12 -export -in yourPEMfileGoesHere.pem -out yourKeystoreFilenameGoesHere You now have a readable keystore ... but it is in pkcs12 format. I wanted mine in JKS format. But first reassure yourself you have a valid keystore by doing: keytool -list -keystore yourKeystoreFilenameGoesHere -storetype PKCS12 to convert to JKS format, I compiled and ran the attached java program: java keymove yourKeystoreFilenameGoesHere pkcs12 theFinalKeystoreFilename jks The only gotcha with keymove is that the destination keystore *MUST* exist beforehand. I'm only documenting what worked for me; it does seem there must be a quicker/simpler method. Let me know if you run into any snags. Ken. -- Ken Kress [EMAIL PROTECTED] SAS, The Bank of New York 484.605.4834 "Milind Gadre" <[EMAIL PROTECTED]> 08/11/2003 12:05 PM Please respond to axis-user To: <[EMAIL PROTECTED]> cc: <[EMAIL PROTECTED]> Subject: Re: WSOverSSL Ken (or anyone else), would you have any ideas on how I can 1. Use JSSE/keytool to generate a key and certificate for use by the Apache Web Server running OpenSSL?? OR 2. Convert a key and certificate generated using OpenSSL into a format usable by JSSE/keytool? This would allow me to run a Axis client against a Apache+Tomcat+Axis server. Thanks in advance. ----- Original Message ----- From: <[EMAIL PROTECTED]> To: <[EMAIL PROTECTED]> Sent: Monday, August 11, 2003 8:52 AM Subject: RE: WSOverSSL > Sanjesh, > > It may take me a while (2-3 days) to integrate the two sets of > instructions. If you have a specific question, I'd > be happy to address it if I can. > > Ken. > > -- > Ken Kress [EMAIL PROTECTED] > SAS, The Bank of New York 484.605.4834 > > > > > "Pathak, Sanjesh" <[EMAIL PROTECTED]> > 08/06/2003 12:19 PM > Please respond to axis-user > > > To: <[EMAIL PROTECTED]> > cc: > Subject: RE: WSOverSSL > > > Ken, > > In the meantine can you please send it to the user list. > > Thanks, > Sanjesh > > -----Original Message----- > From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] > Sent: Wednesday, August 06, 2003 8:55 AM > To: [EMAIL PROTECTED]; [EMAIL PROTECTED] > Subject: WSOverSSL > > > The SOAP write up: > > http://ws.apache.org/soap/docs/install/FAQ_Tomcat_SOAP_SSL.html > > and Pakaj Kumar's page: > > http://www.pankaj-k.net/WSOverSSL/WSOverSSL-HOWTO.html > > were both very helpful when I was trying to connect an Axis > client to a remote (Websphere) server over SSL. > > Thank you. > > I did run into some problems not covered by the articles and > was wondering whether you would consider some additions > to your documents. > > Specifically, I had difficulty in two areas: > > o the client certificate I was trying to install was a Verisign > certificate stored in the Windows OS. I had to export it as a > .pfx file and then use openssl to convert it (several steps) > to a pkcs12 keystore. Finally, I converted that keystore into > a jks keystore. > o The client had to set the keystore property as well as the > truststore property. > > Also, because I was using Axis, the client program is slightly > different. > > If you are interested, please let me know where I should send > my write up and in what format you would prefer it: > > o stand-alone document (Word or txt) > o diffs to your document > o ??? > > Thanks, > > Ken. > > -- > Ken Kress [EMAIL PROTECTED] > SAS, The Bank of New York 484.605.4834 > > _______________________________________________________________________ _ > The information in this e-mail, and any attachment therein, is > confidential and for use by the addressee only. If you are not the > intended recipient, please return the e-mail to the sender and delete it > from your computer. Although The Bank of New York attempts to sweep e-mail > and attachments for viruses, it does not guarantee that either are > virus-free and accepts no liability for any damage sustained as a result > of viruses. > > > ********************************************************************** > This e-mail is the property of Enron Corp. and/or its relevant affiliate > and may contain confidential and privileged material for the sole use of > the intended recipient (s). Any review, use, distribution or disclosure by > others is strictly prohibited. If you are not the intended recipient (or > authorized to receive for the recipient), please contact the sender or > reply to Enron Corp. at [EMAIL PROTECTED] and > delete all copies of the message. This e-mail (and any attachments hereto) > are not intended to be an offer (or an acceptance) and do not create or > evidence a binding and enforceable contract between Enron Corp. (or any of > its affiliates) and the intended recipient or any other party, and may not > be relied on by anyone as the basis of a contract by estoppel or > otherwise. Thank you. > ********************************************************************** > > > > > > _______________________________________________________________________ _ > The information in this e-mail, and any attachment therein, is confidential and for use by the addressee only. If you are not the intended recipient, please return the e-mail to the sender and delete it from your computer. Although The Bank of New York attempts to sweep e-mail and attachments for viruses, it does not guarantee that either are virus-free and accepts no liability for any damage sustained as a result of viruses. > ________________________________________________________________________ The information in this e-mail, and any attachment therein, is confidential and for use by the addressee only. If you are not the intended recipient, please return the e-mail to the sender and delete it from your computer. Although The Bank of New York attempts to sweep e-mail and attachments for viruses, it does not guarantee that either are virus-free and accepts no liability for any damage sustained as a result of viruses.
keymove.java
Description: Binary data