hc-dev mailing list archives

From "Jesus M. Salvo Jr." <jesus.sa...@migasia.com>
Subject Re: importing certs with private key into keystore
Date Wed, 26 May 2004 01:58:25 GMT

Hi,

What I did was this:

1) I created a keystore with a new private key via:

    keytool -genkey

... which will create a JKS keystore

2) I then load the PKCS12 keystore

    KeyStore inputKeyStore = KeyStore.getInstance( "PKCS12" );
    inputKeyStore.load( new FileInputStream( "replace_with_your_PKCS12_keystore.p12" ),
                        "replace_with_your_passphrase".toCharArray() );

3) I then load the JKS keystore

    KeyStore outputKeyStore = KeyStore.getInstance( "JKS" );
    outputKeyStore.load( new FileInputStream( "replace_with_your_JKS_keystore.jks" ),
                         "replace_with_your_JKS_passphrase".toCharArray() );


4) I then load the certs from the PKCS12 and store them into the JKS 
keystore:

    // Needs: java.io.FileInputStream, java.io.FileOutputStream, java.util.Enumeration,
    // java.security.Key, java.security.KeyStore,
    // java.security.cert.Certificate, java.security.cert.X509Certificate
    Enumeration aliases = inputKeyStore.aliases();
    String alias;
    Certificate certs[];
    Certificate cert;
    X509Certificate x509cert;
    Key key;
    while( aliases.hasMoreElements() ) {
      alias = (String) aliases.nextElement();
      System.out.println( "Alias: " + alias + " =========================== " );

      // Only key entries have a private key and a certificate chain;
      // for anything else getCertificateChain() returns null, so skip it.
      if( !inputKeyStore.isKeyEntry( alias ) ) {
        continue;
      }

      // The key is read with the PKCS12 passphrase used in step 2
      key = inputKeyStore.getKey( alias, "replace_with_your_passphrase".toCharArray() );
      System.out.println( "Private Key Type: " + key.getClass().getName() );
      System.out.println( "Private Key Algorithm: " + key.getAlgorithm() );
      System.out.println( "Private Key Format: " + key.getFormat() );

      certs = inputKeyStore.getCertificateChain( alias );
      System.out.println( "Certificate chain has " + certs.length + " entries." );
      for( int i = 0 ; i < certs.length; i++ ) {
        cert = certs[ i ];
        System.out.println( " ----------------------------------- " );
        System.out.println( "\tType: " + cert.getType() );
        System.out.println( "\tIsKey: " + inputKeyStore.isKeyEntry( alias ) );
        System.out.println( "\tIsCertificate: " + inputKeyStore.isCertificateEntry( alias ) );
        if( cert instanceof X509Certificate ) {
          x509cert = ( X509Certificate ) cert;
          System.out.println( "\tSubject: " + x509cert.getSubjectDN().getName() );
          System.out.println( "\tIssuer: " + x509cert.getIssuerDN().getName() );
        }
        System.out.println( "\tPublic Key Algorithm: " + cert.getPublicKey().getAlgorithm() );
        System.out.println( "\tPublic Key Format: " + cert.getPublicKey().getFormat() );
      }

      // Store the private key and its chain under the same alias in the JKS keystore
      outputKeyStore.setKeyEntry( alias, key,
          "replace_with_your_JKS_passphrase".toCharArray(), certs );
    }

    System.out.println( "Saving to new keystore ... " );
    outputKeyStore.store( new FileOutputStream( "replace_with_your_JKS_keystore.jks" ),
                          "replace_with_your_JKS_passphrase".toCharArray() );
    System.out.println( "New keystore saved " );



5) I then repeat the same process for each PKCS12 file.



Tim Wild wrote:

> Hi,
>
> Can anyone tell me how to get my client certificate, complete with 
> private key, into my Java keystore? I have my openssl generated 
> certificate and private key  in .pem files. I can get it in sometimes, 
> but never with private key, and if I do get it in I get errors when I 
> try to use Java to present the client cert. I've read LOTS of guides 
> on the web, but none seem accurate.
>
> I managed this yesterday, but I can't work out how I did it... this 
> key/keystore/certificate stuff's driving me crazy!
>
> Many thanks for any ideas
>
> Tim
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: 
> commons-httpclient-dev-unsubscribe@jakarta.apache.org
> For additional commands, e-mail: 
> commons-httpclient-dev-help@jakarta.apache.org
>
>
>


-- 
Jesus M. Salvo Jr.
Mobile Internet Group Pty Ltd
(formerly Softgame International Pty Ltd)
M: +61 409 126699
T: +61 2 94604777
F: +61 2 94603677

PGP Public key: http://pgp.mit.edu:11371/pks/lookup?op=get&search=0xC0BA5348
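
A check that can be run on the keystore produced by the steps above, added here as an example and not part of the original message: for every alias it reports whether a private key is present and whether that key pairs with the first certificate in its chain. The class name `VerifyKeyStore` and its command-line arguments are assumptions, and the key password is taken to equal the store password, as in step 4.

```java
import java.io.FileInputStream;
import java.security.InvalidKeyException;
import java.security.KeyStore;
import java.security.PrivateKey;
import java.security.SecureRandom;
import java.security.Signature;
import java.security.cert.Certificate;
import java.util.Collections;

// Added example. Usage: java VerifyKeyStore <keystore file> <JKS|PKCS12> <passphrase>
public class VerifyKeyStore {
  // True if the private key and the certificate's public key form a pair:
  // a random nonce signed with the private key must verify under the public key.
  static boolean matches(PrivateKey privateKey, Certificate leaf) throws Exception {
    String alg = privateKey.getAlgorithm();
    String sigAlg = alg.equals("RSA") ? "SHA256withRSA" : alg.equals("EC") ? "SHA256withECDSA" : "SHA1withDSA";
    byte[] nonce = new byte[32];
    new SecureRandom().nextBytes(nonce);
    Signature signer = Signature.getInstance(sigAlg);
    signer.initSign(privateKey);
    signer.update(nonce);
    byte[] sig = signer.sign();
    Signature verifier = Signature.getInstance(sigAlg);
    try {
      verifier.initVerify(leaf.getPublicKey());
    } catch (InvalidKeyException e) {
      return false; // the certificate holds a key of a different type
    }
    verifier.update(nonce);
    return verifier.verify(sig);
  }

  public static void main(String[] args) throws Exception {
    char[] pass = args[2].toCharArray();
    KeyStore ks = KeyStore.getInstance(args[1]);
    try (FileInputStream in = new FileInputStream(args[0])) {
      ks.load(in, pass);
    }
    for (String alias : Collections.list(ks.aliases())) {
      if (!ks.isKeyEntry(alias)) {
        System.out.println(alias + ": certificate only, no private key");
        continue;
      }
      // Assumption: key password equals store password, as in step 4 of the message
      PrivateKey key = (PrivateKey) ks.getKey(alias, pass);
      Certificate[] chain = ks.getCertificateChain(alias);
      System.out.println(alias + ": chain length " + chain.length + ", key matches leaf certificate: " + matches(key, chain[0]));
    }
  }
}
```

An alias reported as "certificate only" is the case from the quoted question where the certificate was imported without its private key.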



