Subject: CAcert Code Development list.
- From: Jan Dittberner <jandd AT cacert.org>
- To: Dirk Niemeier <dirk.niemeier AT gmx.de>
- Cc: cacert-devel AT lists.cacert.org
- Subject: Re: Code signing question java
- Date: Tue, 1 Apr 2014 17:39:37 +0200
On Tue, Apr 01, 2014 at 01:41:44PM +0200, Dirk Niemeier wrote:
> On 01.04.2014 12:53, Jan Dittberner wrote:
> > On Tue, Apr 01, 2014 at 08:23:54AM +0000, dirk.niemeier AT gmx.de wrote:
> > > Hi,
> > > can someone explain to me how to get the necessary keys into the Java
> > > Keystore File.
> > > I have my Client-Certificate with code signing option. But I do not
> > > find a way to get the private key into the jks file. I think I have to
> > > create a pkcs12 file with openssl.
> > > Does anyone know how to do this?
> >
> > keytool -importkeystore helps. You need a PKCS#12 export of your client
> > certificate and private key and then you can do the following:
>
> Yes, that is the problem. How can I get a PKCS#12 export of the
> client-certificate? Where is the private key in the certificates? XCA and
> openSSL can't find the private key in the certificate.

How did you create the client certificate? Did you use your browser? If yes,
you need to export the PKCS#12 file from your browser's certificate dialog. If
you used a certificate signing request (CSR) created by something like
openssl you need to build a PKCS#12 keystore containing the following:

- the private key used for the CSR (key.pem)
- your client certificate (cert.pem)
- the CAcert class3 certificate (only if you used the class3 CA) (class3.pem)
- the CAcert class1 certificate (root.pem)

Using openssl you can build a PKCS#12 file like this:

    cat class3.pem root.pem > cacert-roots.pem
    openssl pkcs12 -export -chain -inkey key.pem -in cert.pem \
        -CAfile cacert-roots.pem -name certalias -out cert.p12

openssl will ask you for a password for encrypting the PKCS#12 file (this is
the same password that you need for the -srcstorepass and -srckeypass
options of JDK's keytool).

> > keytool -importkeystore \
> >     -srckeystore cert.p12 -destkeystore cert.jks \
> >     -srcstoretype pkcs12 -deststoretype jks \
> >     -srcstorepass secret -deststorepass secret \
> >     -srcalias certalias -destalias certalias \
> >     -srckeypass secret -destkeypass secret

Best regards
Jan
--
Jan Dittberner - Debian Developer
GPG-key: 4096R/558FB8DD 2009-05-10
B2FF 1D95 CE8F 7A22 DF4C F09B A73E 0055 558F B8DD
http://www.dittberner.info/
Attachment:
smime.p7s
Description: S/MIME cryptographic signature
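
Added example (not part of the original message and not CAcert's own tooling): the PKCS#12 step from the reply above as shell functions that first confirm key.pem really is the private key behind cert.pem, then check that the resulting file holds that key before it is handed to keytool. The function names and the P12_PASS environment variable are assumptions; the password is passed with openssl's env: source so it stays out of the process list.

```shell
#!/bin/sh
# Added example. Function names and P12_PASS are assumptions, not from the thread.
# Usage: export P12_PASS=...; build_p12 key.pem cert.pem cacert-roots.pem certalias cert.p12

# Print the public key (SubjectPublicKeyInfo, PEM) of a private key / a certificate.
pub_of_key()  { openssl pkey -in "$1" -pubout 2>/dev/null; }
pub_of_cert() { openssl x509 -in "$1" -noout -pubkey 2>/dev/null; }

# key_matches_cert KEY CERT
# Succeeds only if KEY is the private key belonging to CERT. A certificate
# never contains the private key, so the two files must be paired explicitly.
key_matches_cert() {
    k=$(pub_of_key "$1") && c=$(pub_of_cert "$2") || return 2
    [ -n "$k" ] && [ "$k" = "$c" ]
}

# build_p12 KEY CERT CAFILE ALIAS OUT
# Refuses to bundle a key that does not match the certificate. The output
# is created with owner-only permissions because it contains the private key.
build_p12() {
    key_matches_cert "$1" "$2" || {
        echo "private key does not match certificate" >&2
        return 1
    }
    ( umask 077
      openssl pkcs12 -export -chain -inkey "$1" -in "$2" -CAfile "$3" \
          -name "$4" -out "$5" -passout env:P12_PASS )
}

# p12_has_key_for P12 CERT
# Succeeds only if the PKCS#12 file can be opened with P12_PASS and the
# private key inside it corresponds to CERT.
p12_has_key_for() {
    k=$(openssl pkcs12 -in "$1" -passin env:P12_PASS -nocerts -nodes 2>/dev/null \
        | openssl pkey -pubout 2>/dev/null) || return 2
    [ -n "$k" ] && [ "$k" = "$(pub_of_cert "$2")" ]
}
```
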