Tuesday 15 April 2014

java - Import PFX file into Existing JKS file (NOT converting from .pfx to .jks) -




I have a Java web service, and have implemented X.509 using JKS files created with the Java keytool.

keytool -genkey -keyalg rsa -sigalg sha1withrsa -validity 730 -alias myservicekey -keypass skpass -storepass sspass -keystore servicekeystore.jks -dname "cn=localhost"
keytool -genkey -keyalg rsa -sigalg sha1withrsa -validity 730 -alias myclientkey -keypass ckpass -storepass cspass -keystore clientkeystore.jks -dname "cn=clientuser"

To establish trust between client and server, I import the server certs into the client, and the client certs into the server.

Import server public key (certs) into client.

keytool -export -rfc -keystore clientkeystore.jks -storepass cspass -alias myclientkey -file myclient.cer
keytool -import -trustcacerts -keystore servicekeystore.jks -storepass sspass -alias myclientkey -file myclient.cer -noprompt

Import client public key (certs) into server.

keytool -export -rfc -keystore servicekeystore.jks -storepass sspass -alias myservicekey -file myservice.cer
keytool -import -trustcacerts -keystore clientkeystore.jks -storepass cspass -alias myservicekey -file myservice.cer -noprompt

Both the service and the client are written in Java and are working fine. I now have a .NET client, and my understanding is that if I give the same Java client certificates to the .NET client, i.e. clientkeystore.jks, it should work, but the .NET client is having issues.

The .NET client developer has insisted that I use the .pfx certificate that was generated. How can I import the .pfx certificate into the existing .jks file?

The examples I have seen online require me to create a new .jks file.

Thank you.

You can treat the file as a Java PKCS12 keystore. You can use the same keytool commands, except you additionally need to specify -storetype pkcs12 since the default is jks. This example works in JDK 1.6 and higher:

keytool -importkeystore -srckeystore mypfxfile.pfx -srcstoretype pkcs12 -destkeystore clientcert.jks -deststoretype jks

Also see this thread. I think that answers your question, but if you don't mind a suggestion, I would output your existing JKS file as a P12 file, then give the P12 file to the .NET client. That would solve your issue if it is a format issue. You can follow the steps outlined here. If you still have issues, you should post the .NET client's exception, otherwise we cannot help you.

java x509 keytool pfx jks
