not-yet-commons-ssl-0.3.11.jar can accomplish what you are trying to do. Details here:
http://juliusdavies.ca/commons-ssl/utilities.html#ksb java -cp not-yet-commons-ssl-0.3.11.jar org.apache.commons.ssl.KeyStoreBuilder KeyStoreBuilder converts PKCS12 and PKCS8 to Java "Keystore" KeyStoreBuilder: creates '[alias].jks' (Java Key Store) -topk8 mode: creates '[alias].pem' (x509 chain + unencrypted pkcs8) [alias] will be set to the first CN value of the X509 certificate. ------------------------------------------------------------------- Usage1: [password] [file:pkcs12] Usage2: [password] [file:private-key] [file:certificate-chain] Usage3: -topk8 [password] [file:jks] ------------------------------------------------------------------- [private-key] can be openssl format, or pkcs8. [password] decrypts [private-key], and also encrypts outputted JKS file. All files can be PEM or DER. You can download it here: http://juliusdavies.ca/commons-ssl/download.html On Thu, Aug 27, 2009 at 4:37 AM, Mohan Radhakrishnan <radhakrishnan.mo...@gmail.com> wrote: > Not it does not look like I need OpenSSL. The following Java command > could import the entire chain. > > keytool -import -alias visaftpsflux -file visacertificateedited.cer > -trustcacerts -keystore FSSNABMAPSVISA.jks -storepass password > > Further testing is required. > > Mohan > > > On Thu, Aug 27, 2009 at 4:24 PM, Mohan > Radhakrishnan<radhakrishnan.mo...@gmail.com> wrote: >> What is the link between the existing key's alias and the alias used >> while importing the CA-root and sub-root certificates ? >> >> The CA-root and sub-root certificates have been imported with new >> aliases. The old alias throws an error. >> >> Thanks, >> Mohan >> >> On Thu, Aug 27, 2009 at 2:35 PM, Mohan >> Radhakrishnan<radhakrishnan.mo...@gmail.com> wrote: >>> I have an ASCII text file with a chain of certificates. I had earlier >>> sent a CSR and got these certificates back from the CA. >>> >>> When I opened the ASCII file I see some text before and after ---BEGIN >>> CERTIFICATE-- and --END CERTIFICATE-- >>> >>> I removed this test because they were file names like >>> CASubroot.pem.txt, CArootpem.txt etc. >>> >>> I tried to use openssl to convert these .pem certificates to .der. It >>> didn't work. I am sure I am doing something wrong. >>> >>> >>> How do I load these certificates into the Java KeyStore ? Since these >>> are certificates signing my CSR I am going to load >>> them back to the Java KeyStore( Not the TrustStore ). >>> >>> Can anyone throw some light on this procedure ? >>> >>> Thanks, >>> Mohan >>> >> > ______________________________________________________________________ > OpenSSL Project http://www.openssl.org > User Support Mailing List openssl-us...@openssl.org > Automated List Manager majord...@openssl.org > -- yours, Julius Davies 250-592-2284 (Home) 250-893-4579 (Mobile) http://juliusdavies.ca/logging.html ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List openssl-users@openssl.org Automated List Manager majord...@openssl.org
