hc-dev mailing list archives

From Tim Wild <tim.w...@solnetsolutions.co.nz>
Subject Re: importing certs with private key into keystore
Date Wed, 26 May 2004 02:46:29 GMT

I managed it another way (after pulling my hair out for quite a while), 
using OpenSSL.

openssl req -new -keyout bobkey.pem -out bobreq.pem -days 360
cat bobreq.pem bobkey.pem > bobreq2.pem
openssl ca -policy policy_anything -out bobcert.pem -infiles bobreq2.pem
openssl pkcs12 -in bobcert.pem -out bobcert.p12 -export -inkey bobkey.pem

Now use KeyTool (http://www.waynegrant.info/keytool.html). Create a new 
JKS formatted keystore in the root directory of your project. Choose 
Tools | Import key pair. Choose bobcert.p12, enter the password. Hit 
import, and SET THE PASSWORD THE SAME AS THE KEYSTORE PASSWORD. If you 
have trouble, set the client key and cert password to the same as the 
password for the p12 file and the keystore.

Jesus M. Salvo Jr. wrote:

>
> Hi,
>
> What I did was this:
>
> 1) I created a keystore with a new private key via:
>
>    keytool -genkey
>
> ... which will create a JKS keystore
>
> 2) I then load the PKCS12 keystore
>
> KeyStore inputKeyStore = KeyStore.getInstance( "PKCS12" );
> inputKeyStore.load(new 
> FileInputStream("replace_with_your_PKCS12_keystore.p12"), 
> "replace_with_your_passphrase".toCharArray());
>
> 3) I then load the JKS keystore
>
> KeyStore outputKeyStore = KeyStore.getInstance( "JKS" );
> outputKeyStore.load( new 
> FileInputStream("replace_with_your_JKS_keystore.jks"), 
> "replace_with_your_JKS_passphrase".toCharArray());
>
>
> 4) I then load the certs from the PKCS12 and store them into the JKS 
> keystore:
>
>    // Needs java.io.FileOutputStream, java.security.Key, java.security.KeyStore,
>    // java.security.cert.Certificate, java.security.cert.X509Certificate
>    // and java.util.Enumeration.
>    Enumeration aliases = inputKeyStore.aliases();
>    String alias;
>    Certificate certs[];
>    Certificate cert;
>    X509Certificate x509cert;
>    Key key = null;
>    while( aliases.hasMoreElements() ) {
>      alias = (String) aliases.nextElement();
>      System.out.println( "Alias: " + alias + " =========================== " );
>
>      if( inputKeyStore.isKeyEntry( alias ) ) {
>        // Passphrase protecting the key inside the PKCS12 file
>        key = inputKeyStore.getKey( alias, "replace_with_your_passphrase".toCharArray() );
>        System.out.println( "Private Key Type: " + key.getClass().getName() );
>        System.out.println( "Private Key Algorithm: " + key.getAlgorithm() );
>        System.out.println( "Private Key Format: " + key.getFormat() );
>      } else {
>        // Certificate-only entry: no private key or chain to copy
>        continue;
>      }
>
>      certs = inputKeyStore.getCertificateChain( alias );
>      System.out.println( "Certificate chain has " + certs.length + " entries." );
>      for( int i = 0 ; i < certs.length; i++ ) {
>        cert = certs[ i ];
>        System.out.println( " ----------------------------------- " );
>        System.out.println( "\tType: " + cert.getType() );
>        System.out.println( "\tIsKey: " + inputKeyStore.isKeyEntry( alias ));
>        System.out.println( "\tIsCertificate: " + inputKeyStore.isCertificateEntry( alias ));
>        if( cert instanceof X509Certificate ) {
>          x509cert = ( X509Certificate ) cert;
>          System.out.println( "\tSubject: " + x509cert.getSubjectDN().getName() );
>          System.out.println( "\tIssuer: " + x509cert.getIssuerDN().getName() );
>        }
>        System.out.println( "\tPublic Key Algorithm: " + cert.getPublicKey().getAlgorithm() );
>        System.out.println( "\tPublic Key Format: " + cert.getPublicKey().getFormat() );
>      }
>
>      // Store the private key and its chain under the same alias in the JKS keystore
>      outputKeyStore.setKeyEntry( alias, key,
>        "replace_with_your_JKS_passphrase".toCharArray(), certs );
>    }
>
>    System.out.println( "Saving to new keystore ... " );
>    outputKeyStore.store( new FileOutputStream(
>      "replace_with_your_JKS_keystore.jks" ),
>      "replace_with_your_JKS_passphrase".toCharArray() );
>    System.out.println( "New keystore saved " );
>
>
>
> 5) I then repeat the same process for each PKCS12 file.
>
>
>
> Tim Wild wrote:
>
>> Hi,
>>
>> Can anyone tell me how to get my client certificate, complete with 
>> private key, into my Java keystore? I have my openssl generated 
>> certificate and private key in .pem files. I can get it in 
>> sometimes, but never with private key, and if I do get it in I get 
>> errors when I try to use Java to present the client cert. I've read 
>> LOTS of guides on the web, but none seem accurate.
>>
>> I managed this yesterday, but I can't work out how I did it... this 
>> key/keystore/certificate stuff's driving me crazy!
>>
>> Many thanks for any ideas
>>
>> Tim
>>
>> ---------------------------------------------------------------------
>> To unsubscribe, e-mail: 
>> commons-httpclient-dev-unsubscribe@jakarta.apache.org
>> For additional commands, e-mail: 
>> commons-httpclient-dev-help@jakarta.apache.org
>>
>>
>>
>
>
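
Added example, not part of either poster's message: the PKCS#12-to-JKS import done with keytool -importkeystore, then a check that the keystore holds a PrivateKeyEntry rather than a certificate without its private key, the situation the original question describes. The self-signed certificate, the alias bob, the password and the function names are constructed for the demonstration; it assumes openssl and a JDK keytool with English output on PATH.

```shell
#!/bin/sh
# Added example. Key, certificate, alias and password are constructed
# throwaway values, not the posters' files.

# import_p12_to_jks P12 P12_PASS JKS JKS_PASS
# Copies the PKCS#12 entries into a JKS keystore; the key password is set
# equal to the keystore password.
import_p12_to_jks() {
  keytool -importkeystore -noprompt \
    -srckeystore "$1" -srcstoretype PKCS12 -srcstorepass "$2" \
    -destkeystore "$3" -deststoretype JKS \
    -deststorepass "$4" -destkeypass "$4" >/dev/null 2>&1
}

# count_entries JKS JKS_PASS TYPE: prints how many entries of TYPE
# (PrivateKeyEntry or trustedCertEntry) keytool lists.
count_entries() {
  keytool -list -keystore "$1" -storetype JKS -storepass "$2" 2>/dev/null |
    grep -c "$3" || true
}

# Prints "<keys in client.jks> <keys in certonly.jks> <certs in certonly.jks>".
demo() (
  dir=$(mktemp -d) || exit 1
  trap 'rm -rf "$dir"' EXIT
  pass=demo-changeit
  # Self-signed certificate standing in for the CA-signed bobcert.pem
  openssl req -x509 -newkey rsa:2048 -nodes -days 360 -subj "/CN=bob" \
    -keyout "$dir/bobkey.pem" -out "$dir/bobcert.pem" 2>/dev/null || exit 1
  openssl pkcs12 -export -name bob -in "$dir/bobcert.pem" \
    -inkey "$dir/bobkey.pem" -out "$dir/bobcert.p12" \
    -passout "pass:$pass" || exit 1
  import_p12_to_jks "$dir/bobcert.p12" "$pass" "$dir/client.jks" "$pass" || exit 1
  # For contrast: importing only the certificate gives a trusted-cert entry,
  # which cannot be used for client authentication.
  keytool -importcert -noprompt -alias bobcert -file "$dir/bobcert.pem" \
    -keystore "$dir/certonly.jks" -storetype JKS -storepass "$pass" \
    >/dev/null 2>&1 || exit 1
  echo "$(count_entries "$dir/client.jks" "$pass" PrivateKeyEntry)" \
       "$(count_entries "$dir/certonly.jks" "$pass" PrivateKeyEntry)" \
       "$(count_entries "$dir/certonly.jks" "$pass" trustedCertEntry)"
)

demo || echo "openssl and keytool are required" >&2
```

A keystore that is usable for client authentication reports a PrivateKeyEntry for the alias; the certificate-only keystore reports none.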
