Creating trusted certificate for Java JSSE

First, take the unencrypted file certificate.pfx (used on the server), and chop it up into key and PEM encoded certificate:

# openssl pkcs12 -in certificate.pfx -nodes -out certificate.key -nocerts
# openssl pkcs12 -in certificate.pfx -nodes -out certificate.pem -nokeys

Edit the certificate.key and certificate.pem files, remove the garbage before the actual key and cerfiticate.

Combine the key and certificate to a new encrypted pkcs12 file:

# openssl pkcs12 -export -in certificate.pem -inkey certificate.key -name “friendlyname” -out certificate.p12

Enter the new password.

Using Java Keytool, export the certificate from the pkcs12 file.

# keytool -export -keystore certificate.p12 -storetype pkcs12 -alias friendlyname -file server.cer

Import the certificate into a Java Key Store as a trusted certificate:

# keytool -import -keystore jssecacerts.jks -alias friendlyname -file server.cer

Enter something as keystore password and type “yes” to trust the certificate.

Dette indlæg blev udgivet i Knowledge Base, Old Base, Programmering. Bogmærk permalinket.

Skriv et svar