openssl req -new -keyout bobkey.pem -out bobreq.pem -days 360
cat bobreq.pem bobkey.pem > bobreq2.pem
openssl ca -policy policy_anything -out bobcert.pem -infiles bobreq2.pem
openssl pkcs12 -in bobcert.pem -out bobcert.p12 -export -inkey bobkey.pem
Now use KeyTool (http://www.waynegrant.info/keytool.html). Create a new JKS formatted keystore in the root directory of your project. Choose Tools | Import key pair. Choose bobcert.p12, enter the password. Hit import, and SET THE PASSWORD THE SAME AS THE KEYSTORE PASSWORD. If you have trouble, set the client key and cert password to the same as the password for the p12 file and the keystore.
Jesus M. Salvo Jr. wrote:
Hi,
What I did was this:
1) I created a keystore with a new private key via:
keytool -genkey
... which will create a JKS keystore
2) I then load the PKCS12 keystore
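// imports needed by the code in steps 2 to 4
import java.io.FileInputStream;
import java.io.FileOutputStream;
import java.security.Key;
import java.security.KeyStore;
import java.security.cert.Certificate;
import java.security.cert.X509Certificate;
import java.util.Enumeration;

KeyStore inputKeyStore = KeyStore.getInstance( "PKCS12" );
inputKeyStore.load(new FileInputStream("replace_with_your_PKCS12_keystore.p12"), "replace_with_your_passphrase".toCharArray());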
3) I then load the JKS keystore
KeyStore outputKeyStore = KeyStore.getInstance( "JKS" );
outputKeyStore.load( new FileInputStream("replace_with_your_JKS_keystore.jks"), "replace_with_your_JKS_passphrase".toCharArray());
4) I then load the certs from the PKCS12 and store them into the JKS keystore:
Enumeration aliases = inputKeyStore.aliases();
String alias;
Certificate certs[];
Certificate cert;
X509Certificate x509cert;
Key key;
while( aliases.hasMoreElements() ) {
    alias = (String) aliases.nextElement();
    key = null; // reset so a key from a previous alias is never reused
    System.out.println( "Alias: " + alias + " =========================== " );
    if( inputKeyStore.isKeyEntry( alias ) ) {
        // passphrase protecting the key inside the PKCS12 file
        key = inputKeyStore.getKey( alias, "wcapcertpreconfig37".toCharArray() );
        System.out.println( "Private Key Type: " + key.getClass().getName() );
        System.out.println( "Private Key Algorithm: " + key.getAlgorithm() );
        System.out.println( "Private Key Format: " + key.getFormat() );
    }
    certs = inputKeyStore.getCertificateChain( alias );
    if( key == null || certs == null ) {
        continue; // not a private key entry: nothing to copy with setKeyEntry
    }
    System.out.println( "Certificate chain has " + certs.length + " entries." );
    for( int i = 0 ; i < certs.length; i++ ) {
        cert = certs[ i ];
        System.out.println( " ----------------------------------- " );
        System.out.println( "\tType: " + cert.getType() );
        System.out.println( "\tIsKey: " + inputKeyStore.isKeyEntry( alias ));
        System.out.println( "\tIsCertificate: " + inputKeyStore.isCertificateEntry( alias ));
        if( cert instanceof X509Certificate ) {
            x509cert = ( X509Certificate ) cert;
            System.out.println( "\tSubject: " + x509cert.getSubjectDN().getName() );
            System.out.println( "\tIssuer: " + x509cert.getIssuerDN().getName() );
        }
        System.out.println( "\tPublic Key Algorithm: " + cert.getPublicKey().getAlgorithm() );
        System.out.println( "\tPublic Key Format: " + cert.getPublicKey().getFormat() );
    }
    // copy the private key and its chain into the JKS keystore under the same alias
    outputKeyStore.setKeyEntry( alias, key, "replace_with_your_JKS_passphrase".toCharArray(), certs );
}
System.out.println( "Saving to new keystore ... " );
outputKeyStore.store( new FileOutputStream( "replace_with_your_JKS_keystore.jks" ), "replace_with_your_JKS_passphrase".toCharArray() );
System.out.println( "New keystore saved " );
5) I then repeat the same process for each PKCS12 file.
Tim Wild wrote:
Hi,
Can anyone tell me how to get my client certificate, complete with private key, into my Java keystore? I have my openssl generated certificate and private key in .pem files. I can get it in sometimes, but never with private key, and if I do get it in I get errors when I try to use Java to present the client cert. I've read LOTS of guides on the web, but none seem accurate.
I managed this yesterday, but I can't work out how I did it... this key/keystore/certificate stuff's driving me crazy!
Many thanks for any ideas
Tim
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
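Added example (not part of the original messages): a small Java check for the problem discussed in this thread, a certificate that ends up in the keystore without a usable private key. The class name CheckClientKeystore is hypothetical; the code assumes the key password equals the keystore password and that the key is RSA, DSA or EC.

```java
import java.io.*;
import java.security.*;
import java.security.cert.Certificate;
import java.util.Collections;
// Added example: reports whether each keystore entry can serve as a TLS client identity.
public class CheckClientKeystore {
    public static void main(String[] args) throws Exception {
        Console console = System.console();
        if (args.length != 2 || console == null) {
            System.err.println("usage (from a terminal): java CheckClientKeystore <JKS|PKCS12> <file>");
            System.exit(2);
        }
        char[] pass = console.readPassword("Keystore password: "); // assumed equal to the key password
        KeyStore ks = KeyStore.getInstance(args[0]);
        try (InputStream in = new FileInputStream(args[1])) {
            ks.load(in, pass);
        }
        for (String alias : Collections.list(ks.aliases())) {
            Certificate[] chain = ks.getCertificateChain(alias);
            if (!ks.isKeyEntry(alias) || chain == null || chain.length == 0) {
                System.out.println(alias + ": no private key with certificate chain");
                continue;
            }
            try {
                Key key = ks.getKey(alias, pass);
                boolean ok = key instanceof PrivateKey && matches((PrivateKey) key, chain[0]);
                System.out.println(alias + ": private key, chain of " + chain.length
                        + (ok ? ", key matches certificate" : ", KEY DOES NOT MATCH CERTIFICATE"));
            } catch (UnrecoverableKeyException e) {
                System.out.println(alias + ": key password differs from keystore password");
            }
        }
    }
    // Signs a fixed message with the private key, then verifies it with the leaf certificate.
    static boolean matches(PrivateKey key, Certificate leaf) throws GeneralSecurityException {
        String alg = "EC".equals(key.getAlgorithm()) ? "ECDSA" : key.getAlgorithm();
        Signature s = Signature.getInstance("SHA256with" + alg);
        byte[] msg = "keystore self-test".getBytes();
        s.initSign(key);
        s.update(msg);
        byte[] sig = s.sign();
        try {
            s.initVerify(leaf.getPublicKey());
            s.update(msg);
            return s.verify(sig);
        } catch (InvalidKeyException | SignatureException e) {
            return false; // different key type or size than the certificate
        }
    }
}
```

Run it against both the .p12 file and the resulting .jks; an alias usable for client authentication shows a private key, a chain and a matching certificate.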