Converting a certificate + key to a usable Java keystore
However, JSSE is also supported as the SSL connection handler, so I decided to find out what was involved in switching from OpenSSL to JSSE. That proved to be quite easy, with a Java 6 JDK that already includes a configured JSSE library. The largest problem was converting the certificate + key to a Java keystore. For everyone that may one day have to solve this problem:
First put the certificate and the key in a pkcs12 keystore:
openssl pkcs12 -export -out dev.pkcs12 -in dev.crt -inkey dev.key
then convert the keystore to a JKS keystore, using the Java keytool:
keytool -importkeystore -srckeystore dev.pkcs12 -srcstoretype PKCS12 -destkeystore dev.keystore
This example involves a self-signed certificate; if you need to include CA certificaties or certificate chains, the process is slightly more complicated, but probably not very, as you can use openssl to perform all the hard steps. If I encounter any problems when I do that, I will let you know .
On a sidenote: Java keystores are terrible things and I dread the moments when I discover they are once again inevitable in reaching a certain goal.
Het is iig een stuk duidelijker dan al die commandline opties en tools die je anders moet gebruiken.
Comments are closed