Wednesday, November 27, 2019

Import SSL certication into Java Keystore

Prerequisite: "*.crt", "*.key" from CA, assume the file names are "cert.crt" and "cert.key"
Steps to be performed in Windows desktop:
  1. Rename "cert.crt" to "cert.cer" in Windows
  2. Double click "cert.cer" and "Ceritificate" popup window should be displayed
  3. Click "Certification Path" tab
  4. Double click intermediate certification, eg. "GeoTrust RSA CA 2018", another "Certificate" popup window should be displayed
  5. Click "Details" tab
  6. Click "Copy to File..." button and save the content as "intermediate.cer"
  7. Click "Certification Path" tab again"
  8. Double click root certification, eg. "DigiCert", another "Certificate" popup window should be displayed
  9. Click "Details" tab
  10. Click "Copy to File..." button and save the content as "root.cer"
  11. Concatenate "intermediate.cer" and "root.cer" into "allca.cer", eg. with command "cat intermediate.cer root.cer > allca.cer"
  12. Execute command "openssl pkcs12 -export -in cert.crt -inkey cert.key -out cert.p12 -name {aliasname} -CAfile allca.cer -caname root -chain"
  13. Append "$JAVA_HOME/bin" to "PATH" of cygwin, eg. "export PATH=$PATH:$JAVA_HOME/bin"
  14. Execute command "keytool -importkeystore -deststorepass {password} -destkeystore cert.jks -srckeystore cert.p12 -srcstoretype PKCS12 -srcstorepass {password} -alias {aliasname}"

To verify, use command "keytool -list -v -keystore cert.jks -storepass {password}".

No comments:

Post a Comment