SyntaxFix

[java] Importing the private-key/public-certificate pair in the Java KeyStore

I used the following steps to create a new Java keystore with a pair of private/public key to be used by a Java (internal) server with TLS. Please notice that the certificate is selfsigned:

1) Generate key with AES256

openssl genrsa -aes256 -out server.key 1024

2) Generate cert request for CA

openssl req -x509 -sha256 -new -key server.key -out server.csr

3) Generate self signed expiry-time 10 years

openssl x509 -sha256 -days 3652 -in server.csr -signkey server.key -out selfsigned.crt

4) Use a program like KeyStoreExplorer to import the pair (private key and selfsigned certificate) in a new JKS

This works but I'd like to implement the last step without using a GUI.

I know how to import the self signed certificate only:

// create the keystore and import the public key. THIS WILL NOT IMPORT THE PRIVATE KEY SO THE KEYSTORE CAN'T BE USED ON THE SERVER TO MAKE THE TLS CONNECTION
/usr/java/jdk1.6.0_45/bin/keytool -import -alias myservercert -file server.crt -keystore mykeystore.jks

So the question is: how can I create a Java KeyStore and import both the certificate with the public key and the private key without using a GUI?

This question is related to java ssl x509certificate keytool

The answer is

With your private key and public certificate, you need to create a PKCS12 keystore first, then convert it into a JKS.

# Create PKCS12 keystore from private key and public certificate.
openssl pkcs12 -export -name myservercert -in selfsigned.crt -inkey server.key -out keystore.p12

# Convert PKCS12 keystore into a JKS keystore
keytool -importkeystore -destkeystore mykeystore.jks -srckeystore keystore.p12 -srcstoretype pkcs12 -alias myservercert

To verify the contents of the JKS, you can use this command:

keytool -list -v -keystore mykeystore.jks

If this was not a self-signed certificate, you would probably want to follow this step with importing the certificate chain leading up to the trusted CA cert.

A keystore needs a keystore file. The KeyStore class needs a FileInputStream. But if you supply null (instead of FileInputStream instance) an empty keystore will be loaded. Once you create a keystore, you can verify its integrity using keytool.

Following code creates an empty keystore with empty password

  KeyStore ks2 = KeyStore.getInstance("jks");
  ks2.load(null,"".toCharArray());
  FileOutputStream out = new FileOutputStream("C:\\mykeytore.keystore");
  ks2.store(out, "".toCharArray());

Once you have the keystore, importing certificate is very easy. Checkout this link for the sample code.

Source: Stackoverflow.com

Examples related to java

Under what circumstances can I call findViewById with an Options Menu / Action Bar item? How much should a function trust another function How to implement a simple scenario the OO way Two constructors How do I get some variable from another class in Java? this in equals method How to split a string in two and store it in a field How to do perspective fixing? String index out of range: 4 My eclipse won't open, i download the bundle pack it keeps saying error log

Examples related to ssl

Requests (Caused by SSLError("Can't connect to HTTPS URL because the SSL module is not available.") Error in PyCharm requesting website A fatal error occurred while creating a TLS client credential. The internal error state is 10013 curl: (35) error:1408F10B:SSL routines:ssl3_get_record:wrong version number How to install OpenSSL in windows 10? ssl.SSLError: tlsv1 alert protocol version Invalid self signed SSL cert - "Subject Alternative Name Missing" "SSL certificate verify failed" using pip to install packages ssl.SSLError: [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed (_ssl.c:749) Powershell Invoke-WebRequest Fails with SSL/TLS Secure Channel "ssl module in Python is not available" when installing package with pip3

Examples related to x509certificate

Authentication failed because remote party has closed the transport stream curl: (60) SSL certificate problem: unable to get local issuer certificate How can I generate a self-signed certificate with SubjectAltName using OpenSSL? How does an SSL certificate chain bundle work? Importing the private-key/public-certificate pair in the Java KeyStore How to create a self-signed certificate with OpenSSL Error Importing SSL certificate : Not an X.509 Certificate What does the 'Z' mean in Unix timestamp '120314170138Z'? How to add subject alernative name to ssl certs? Export P7b file with all the certificate chain into CER file

Examples related to keytool

Keytool is not recognized as an internal or external command I have never set any passwords to my keystore and alias, so how are they created? Importing the private-key/public-certificate pair in the Java KeyStore keytool error bash: keytool: command not found How to add certificate chain to keystore? Change keystore password from no password to a non blank password How can I create keystore from an existing certificate (abc.crt) and abc.key files? Openssl is not recognized as an internal or external command How to properly import a selfsigned certificate into Java keystore that is available to all Java applications by default? Java Keytool error after importing certificate , "keytool error: java.io.FileNotFoundException & Access Denied"

Tags

Emacs-ediff Startmenu Stringtemplate Dialing Database-mirroring Apache-tuscany Heroku Mapreduce Sgen.exe Android-image Suid Locked-files Rating Uiaccelerometer Object-expected Mcms-2000 Tpm Defaultnetworkcredentials Flat-file Fnv Applicationdomain Systemc Login-page Vbc Phpthumb Schemabinding Protection Cxxtest Unhandled Arcball Listpreference Inflate Alexa Radiobuttonlist Plane Software-packaging Spc Retina-display Jsunit Locate Key-cache-size Tlabel Server-push Nonlinear-optimization Email-publisher Mpeg Mixed-authentication Container-classes Data-aware Smlnj Operationcontext Tinytext Pipelining Rst2html.py Dosbox Area Ownership Changelog Vldb Qpixmap Gitk Server-hardware Uddi Unbind Volatile Sscli Drupal-menu Excanvas Embedded-video Bzr-svn Smart-pointers Jobs Xcelsius Imageview Spl-autoload-call Table-per-class Multicast Sonicmq Webos Django-forms Hidden-variables Idbcommand Browser-cache Mapped-drive J2ab Page-layout Printing Mongorestore Slideshow Daq-mx Alignment Urlparse Eclim Wolframalpha Sendinput Default-document Object-layout Sortcomparefunction Winzip Atlassprites