Java Key Store: Difference between revisions
Jump to navigation
Jump to search
| Line 43: | Line 43: | ||
== References == | == References == | ||
{| | |||
| valign="top" | | |||
* [https://stackoverflow.com/questions/49124091 How to create csr, key, crt and import crt, rootca, subca into jks?] | * [https://stackoverflow.com/questions/49124091 How to create csr, key, crt and import crt, rootca, subca into jks?] | ||
* [https://devcentral.f5.com/questions/difference-between-root-cert-intermediate-cert-and-ssl-cert Difference between Root Cert, Intermediate Cert and SSL Cert] | * [https://devcentral.f5.com/questions/difference-between-root-cert-intermediate-cert-and-ssl-cert Difference between Root Cert, Intermediate Cert and SSL Cert] | ||
| Line 53: | Line 55: | ||
* [https://stackoverflow.com/questions/7064087 How to convert .csr to .cer?] | * [https://stackoverflow.com/questions/7064087 How to convert .csr to .cer?] | ||
* [http://portecle.sourceforge.net/ Portecle] | * [http://portecle.sourceforge.net/ Portecle] | ||
| valign="top" | | |||
* [https://stackoverflow.com/questions/49959148/ Generate a key with keytool, in a non-interactive way] | |||
* [https://docs.oracle.com/cd/E19509-01/820-3503/ggfen/index.html Creating a KeyStore in JKS Format] | |||
|} | |||
Revision as of 01:31, 3 March 2021
Manipulation
# show trusted root ca entries with empty/blank password
keytool -keystore "$JAVA_HOME/jre/lib/security/cacerts" -list
# show trusted certificate entries with store password
keytool -keystore "$HOME/.chorke/jks/chorke.jks" -list
# change proprietary jks format to pkcs12
keytool -importkeystore -srckeystore chorke_source.jks \
-destkeystore chorke_target.jks -deststoretype pkcs12
# import certificate with alias in java security
keytool -import -keystore $JAVA_HOME/jre/lib/security/cacerts \
-alias ckirootca -file ckirootca.cer
keytool -import -keystore $JAVA_HOME/jre/lib/security/cacerts \
-alias ckisubca -file ckisubca.cer
keytool -import -keystore $JAVA_HOME/jre/lib/security/cacerts \
-alias chorke -file chorke.crt
keytool -storepass storepasswd -importcert -keystore jks/chorke.jks \
-trustcacerts -alias ckirootca-file jks/ckirootca.cer
keytool -storepass storepasswd -importcert -keystore jks/chorke.jks \
-trustcacerts -alias ckisubca-file jks/ckisubca.cer
keytool -storepass storepasswd -importcert -keystore jks/chorke.jks \
-alias chorke -file jks/chorke.crt
# debugging certificate handshacking
service='api.chorke.org:5443/soap/services';\
echo -e "GET / HTTP/1.0\r\n" | openssl s_client \
-connect $service -CAfile chorke_client.pem