Posted to dev@hc.apache.org by Tim Wild <ti...@solnetsolutions.co.nz> on 2004/05/26 03:15:24 UTC
importing certs with private key into keystore
Hi,
Can anyone tell me how to get my client certificate, complete with
private key, into my Java keystore? I have my openssl generated
certificate and private key in .pem files. I can get it in sometimes,
but never with private key, and if I do get it in I get errors when I
try to use Java to present the client cert. I've read LOTS of guides on
the web, but none seem accurate.
I managed this yesterday, but I can't work out how I did it... this
key/keystore/certificate stuff's driving me crazy!
Many thanks for any ideas
Tim
---------------------------------------------------------------------
To unsubscribe, e-mail: commons-httpclient-dev-unsubscribe@jakarta.apache.org
For additional commands, e-mail: commons-httpclient-dev-help@jakarta.apache.org
Re: importing certs with private key into keystore
Posted by Tim Wild <ti...@solnetsolutions.co.nz>.
I managed it another way (after pulling my hair out for quite a while),
using OpenSSL.
openssl req -new -keyout bobkey.pem -out bobreq.pem -days 360
cat bobreq.pem bobkey.pem > bobreq2.pem
openssl ca -policy policy_anything -out bobcert.pem -infiles bobreq2.pem
openssl pkcs12 -in bobcert.pem -out bobcert.p12 -export -inkey bobkey.pem
Now use KeyTool (http://www.waynegrant.info/keytool.html). Create a new
JKS formatted keystore in the root directory of your project. Choose
Tools | Import key pair. Choose bobcert.p12, enter the password. Hit
import, and SET THE PASSWORD THE SAME AS THE KEYSTORE PASSWORD. If you
have trouble, set the client key and cert password to the same as the
password for the p12 file and the keystore.
Re: importing certs with private key into keystore
Posted by "Jesus M. Salvo Jr." <je...@migasia.com>.
Hi,
What I did was this:
1) I created a keystore with a new private key via:
keytool -genkey
... which will create a JKS keystore
2) I then load the PKCS12 keystore
    KeyStore inputKeyStore = KeyStore.getInstance( "PKCS12" );
    inputKeyStore.load(
        new FileInputStream( "replace_with_your_PKCS12_keystore.p12" ),
        "replace_with_your_passphrase".toCharArray() );
3) I then load the JKS keystore
    KeyStore outputKeyStore = KeyStore.getInstance( "JKS" );
    outputKeyStore.load(
        new FileInputStream( "replace_with_your_JKS_keystore.jks" ),
        "replace_with_your_JKS_passphrase".toCharArray() );
4) I then load the certs from the PKCS12 and store them into the JKS
keystore:
    // Needs: java.io.*, java.security.Key, java.security.KeyStore,
    // java.security.cert.Certificate, java.security.cert.X509Certificate,
    // java.util.Enumeration
    Enumeration aliases = inputKeyStore.aliases();
    String alias;
    Certificate certs[];
    Certificate cert;
    X509Certificate x509cert;
    Key key;
    while( aliases.hasMoreElements() ) {
        alias = (String) aliases.nextElement();
        System.out.println( "Alias: " + alias + " =========================== " );

        // Only key entries carry a private key and a chain; skip anything else
        if( !inputKeyStore.isKeyEntry( alias ) ) {
            continue;
        }
        // The key is recovered with the PKCS12 passphrase used in step 2
        key = inputKeyStore.getKey( alias,
            "replace_with_your_passphrase".toCharArray() );
        System.out.println( "Private Key Type: " + key.getClass().getName() );
        System.out.println( "Private Key Algorithm: " + key.getAlgorithm() );
        System.out.println( "Private Key Format: " + key.getFormat() );

        certs = inputKeyStore.getCertificateChain( alias );
        System.out.println( "Certificate chain has " + certs.length + " entries." );
        for( int i = 0 ; i < certs.length; i++ ) {
            cert = certs[ i ];
            System.out.println( " ----------------------------------- " );
            System.out.println( "\tType: " + cert.getType() );
            System.out.println( "\tIsKey: " + inputKeyStore.isKeyEntry( alias ) );
            System.out.println( "\tIsCertificate: " +
                inputKeyStore.isCertificateEntry( alias ) );
            if( cert instanceof X509Certificate ) {
                x509cert = ( X509Certificate ) cert;
                System.out.println( "\tSubject: " + x509cert.getSubjectDN().getName() );
                System.out.println( "\tIssuer: " + x509cert.getIssuerDN().getName() );
            }
            System.out.println( "\tPublic Key Algorithm: " +
                cert.getPublicKey().getAlgorithm() );
            System.out.println( "\tPublic Key Format: " +
                cert.getPublicKey().getFormat() );
        }

        // Store key and chain together; the key password is set to the
        // JKS store passphrase
        outputKeyStore.setKeyEntry( alias, key,
            "replace_with_your_JKS_passphrase".toCharArray(), certs );
    }

    System.out.println( "Saving to new keystore ... " );
    FileOutputStream out = new FileOutputStream( "replace_with_your_JKS_keystore.jks" );
    outputKeyStore.store( out, "replace_with_your_JKS_passphrase".toCharArray() );
    out.close();
    System.out.println( "New keystore saved " );
5) I then repeat the same process for each PKCS12 file.
--
Jesus M. Salvo Jr.
Mobile Internet Group Pty Ltd
(formerly Softgame International Pty Ltd)
M: +61 409 126699
T: +61 2 94604777
F: +61 2 94603677
PGP Public key: http://pgp.mit.edu:11371/pks/lookup?op=get&search=0xC0BA5348
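
Added example, not part of the original thread or of HttpClient: a standalone check that a keystore produced by either method above really holds a private-key entry whose key matches its certificate, and that JSSE can build a client `SSLContext` from it. The class name `ClientKeyStoreCheck` and the probe string are made up for illustration, and the entry password is assumed to equal the store password.

```java
import java.io.FileInputStream;
import java.io.InputStream;
import java.nio.charset.StandardCharsets;
import java.security.KeyStore;
import java.security.PrivateKey;
import java.security.Signature;
import java.security.cert.X509Certificate;
import java.util.Collections;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLContext;

public class ClientKeyStoreCheck {
    // Usage: java ClientKeyStoreCheck <keystore file> <JKS|PKCS12> <password>
    public static void main(String[] args) throws Exception {
        char[] password = args[2].toCharArray();
        KeyStore ks = KeyStore.getInstance(args[1]);
        try (InputStream in = new FileInputStream(args[0])) {
            ks.load(in, password);
        }
        int usable = 0;
        for (String alias : Collections.list(ks.aliases())) {
            if (!ks.isKeyEntry(alias)) {
                System.out.println(alias + ": certificate only, no private key");
                continue;
            }
            // Assumption: entry password == store password. getKey() throws
            // UnrecoverableKeyException here if the two differ.
            PrivateKey key = (PrivateKey) ks.getKey(alias, password);
            X509Certificate leaf = (X509Certificate) ks.getCertificateChain(alias)[0];
            // Sign a probe and verify it with the certificate's public key
            // to prove that key and certificate belong together.
            String alg = key.getAlgorithm();
            Signature s = Signature.getInstance(
                    "EC".equals(alg) ? "SHA256withECDSA" : "SHA256with" + alg);
            byte[] probe = "keystore-check".getBytes(StandardCharsets.UTF_8);
            s.initSign(key);
            s.update(probe);
            byte[] sig = s.sign();
            s.initVerify(leaf.getPublicKey());
            s.update(probe);
            boolean match = s.verify(sig);
            System.out.println(alias + ": key matches certificate = " + match
                    + ", subject = " + leaf.getSubjectX500Principal().getName());
            if (match) usable++;
        }
        if (usable == 0) throw new IllegalStateException("no usable client key entry");
        // KeyManagerFactory takes one password for every key in the store.
        KeyManagerFactory kmf = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
        kmf.init(ks, password);
        SSLContext ctx = SSLContext.getInstance("TLS");
        ctx.init(kmf.getKeyManagers(), null, null);
        System.out.println("SSLContext ready, usable client key entries: " + usable);
    }
}
```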