Monday, December 12, 2011

OWSM: Loading private and public certifcates

As written in my blog article on SSL, handling certificates is not easy. One of the goals I had was to load a public and private certificate into a JKS key-store. With tools such as keytool and openssl, this is not possible. After struggeling a few hours, I managed to fix this. This is how I did it.

You have two files, one public key and one private key; vijfhuizen_pub.pem, vijfhuizen_prv.pem. Based on these files, you can load the keystore as follows:
  • Convert the keys into DER format.
  • Load the DER files into a new keystore via Java.
openssl x509 -in vijfhuizen-pub.pem -inform PEM -out vijfhuizen-pub.crt -outform DER

openssl pkcs8 -topk8 -nocrypt -in vijfhuizen-prv.pem -inform PEM -out vijfhuizen-prv.crt -outform DER

java ImportKey -prikey vijfhuizen-prv.crt -signed vijfhuizen-pub.crt -alias vijfhuizen -keypass changeit -store vijfhuizen.jks

De Java Class has the following options:
java ImportKey

    java ImportKey -alias alias -prikey file.der -signed cert.der -keypass pas1 -storepass pas2
    java ImportKey -alias alias -prikey file.der -signed cert.der -keypass pas1 -store file.jks -storepass pas2


    Store DER key and signed certificate into user's home key store, or into the key
    store file specified by the STORE parameter.

The Java  code can be download here.