Archive for September, 2006
LCOD – 9/13/06 – Howto import PRIVATE KEYS Java Keystore
Posted by Jon Zobrist in Linux, Linux Command of the Day on September 13, 2006
Yes folks, now you too can enjoy the wonder of importing private keys into Java keystores.
There are several ways to do this, none of them with the Java keytool program that absolutely should support it natively: keytool (as shipped with JDK 5 and earlier) can generate a key pair or import a certificate, but has no way to import an existing private key into a keystore. (Later JDKs, from Java 6 on, added keytool -importkeystore, which can pull a key and certificate chain out of a PKCS#12 file, so check the keytool you have before reaching for a third-party tool.)
Google for other ways; I'm going to tell you how I just did it for Tomcat using IBM's KeyMan.
First, get IBM’s KeyMan
http://www.alphaworks.ibm.com/tech/keyman
To import your key and cert you'll need to convert them to DER: the key as an unencrypted PKCS#8 DER file, the cert as an X.509 DER file, with openssl commands like these:
openssl pkcs8 -topk8 -nocrypt -in ORIGINALKEY.PEM -inform PEM -out NEWKEY.DER -outform DER
openssl x509 -in ORIGINALCERT.PEM -inform PEM -out NEWCERT.DER -outform DER
Note that -nocrypt writes the private key to disk with no passphrase, so create NEWKEY.DER with restrictive permissions (umask 077 first) and delete it once it is in the keystore.
Then make a keystore to import into. keytool won't create an empty keystore, so generate a throwaway key pair, which creates the file at the same time (adjust the path to wherever your JDK's keytool lives):
~/sivox/ssl/java/bin/keytool -genkey -alias dummy -keyalg RSA -keystore keystore
Then run the KeyMan binary. When it pops up the error about a bad resource, click the Back button, browse for your keystore, and open it.
Then click File->Import and import your key first, then your cert.
You'll probably want to rename the entry to tomcat if you're using this for Tomcat, since that's the alias Tomcat looks for by default. To do that, double-click on the cert, click the little wrench icon, and type a new name.
You can then delete the original dummy key, but be careful: unlike most applications, KeyMan keeps items selected until you manually deselect them, so check what is highlighted before you hit delete.
Finally, confirm the result from the command line with keytool -list -keystore keystore; your alias should show up as a key entry (keyEntry, or PrivateKeyEntry in newer keytool versions), not just a trusted certificate entry. Tomcat also expects the key password to match the keystore password unless you set keyPass in the connector configuration.
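Here is the conversion step scripted end to end, with a check that the key and certificate actually belong together before you import anything, plus the PKCS#12 route that newer keytool versions accept directly. This is an added example, not the post's own commands or anything from IBM KeyMan; the function names, the throwaway test certificate it generates, and the password and alias values are assumptions made for the example.

```shell
#!/bin/sh
# Convert a PEM private key + certificate into the unencrypted PKCS#8 DER
# and X.509 DER files that KeyMan imports, verify they match, and (when
# keytool is available) build a PKCS#12 bundle for keytool -importkeystore.
set -eu

# pem_to_der KEY.PEM CERT.PEM OUTDIR
# Writes OUTDIR/key.der (PKCS#8, no passphrase) and OUTDIR/cert.der.
# The subshell umask keeps the unencrypted key owner-readable only.
pem_to_der() {
    (
        umask 077
        openssl pkcs8 -topk8 -nocrypt -in "$1" -inform PEM -out "$3/key.der" -outform DER
        openssl x509 -in "$2" -inform PEM -out "$3/cert.der" -outform DER
    )
}

# key_matches_cert KEY.DER CERT.DER
# Succeeds only if the public key in the cert equals the one derived from
# the private key; importing a mismatched pair gives a keystore Tomcat
# cannot use for TLS.
key_matches_cert() {
    key_pub=$(openssl pkey -in "$1" -inform DER -pubout)
    cert_pub=$(openssl x509 -in "$2" -inform DER -noout -pubkey)
    [ "$key_pub" = "$cert_pub" ]
}

# pem_to_pkcs12 KEY.PEM CERT.PEM OUT.P12 PASSWORD ALIAS
# Bundles key + cert so a Java 6+ keytool can import them without KeyMan.
pem_to_pkcs12() {
    openssl pkcs12 -export -inkey "$1" -in "$2" -out "$3" -name "$5" -passout "pass:$4"
}

# import_pkcs12 IN.P12 P12PASSWORD KEYSTORE STOREPASSWORD
# Requires keytool -importkeystore (Java 6 or later).
import_pkcs12() {
    keytool -importkeystore -srckeystore "$1" -srcstoretype PKCS12 -srcstorepass "$2" \
        -destkeystore "$3" -deststorepass "$4" -noprompt
}

# make_test_material DIR
# Constructed test input: a throwaway self-signed key pair, so the script
# can be exercised without touching a real server key.
make_test_material() {
    openssl req -x509 -newkey rsa:2048 -nodes -keyout "$1/key.pem" -out "$1/cert.pem" \
        -days 1 -subj "/CN=keyman-example" 2>/dev/null
}

# Stand-alone usage: ./script.sh KEY.PEM CERT.PEM OUTDIR
if [ "$#" -eq 3 ]; then
    pem_to_der "$1" "$2" "$3"
    key_matches_cert "$3/key.der" "$3/cert.der" || { echo "key does not match cert" >&2; exit 1; }
    pem_to_pkcs12 "$1" "$2" "$3/tomcat.p12" changeit tomcat
    if command -v keytool >/dev/null 2>&1; then
        import_pkcs12 "$3/tomcat.p12" changeit "$3/keystore" changeit
        keytool -list -keystore "$3/keystore" -storepass changeit
    fi
fi
```

The password `changeit` and alias `tomcat` are Tomcat's defaults and are used here only as placeholders; pick a real keystore password, and wipe the `.der` and `.p12` files once the keystore is built, since both hold the key unencrypted or under a password you typed on the command line.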