I recently had to use a PFX certificate for client authentication, and for that reason, I had to convert it to a Java keystore (JKS). In this post, we will learn how to create both a truststore and a keystore, because based on your needs, you might need one or the other.

If you are not aware of the difference between a truststore and a keystore, here it is according to the JSSE reference guide:

- TrustManager: Determines whether the remote authentication credentials (and thus the connection) should be trusted.
- KeyManager: Determines which authentication credentials to send to the remote host.

Next, all you need is OpenSSL and Java 7+!

First, let's generate a key from the PFX file; this key is later used for the p12 keystore.

```
openssl pkcs12 -in example.pfx -nocerts -out example.key
```

As shown here, you will be asked for the password of the PFX file. Later, you will be asked to enter a PEM passphrase. Let's, for example, use 123456 for everything here.

The second command is almost the same, but this time it skips the key (`-nokeys`) and writes the certificate to a .crt file:

```
openssl pkcs12 -in example.pfx -clcerts -nokeys -out example.crt
```

The next step is to create a truststore, like so:

```
keytool -import -file example.crt -alias exampleCA -keystore truststore.jks
```

As you can see here, you just import this crt file into a JKS truststore and set the password. For the question "Do you trust this certificate?" answer "yes," so that it is added to the truststore.

If you only need a truststore, you can stop here.
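
Before importing anything, it is worth confirming that the extracted `example.key` is still passphrase-protected and that `example.crt` carries the matching public key. The script below is an added example, not part of the original post: it builds a throwaway PFX (constructed test data), runs the post's two `openssl pkcs12` commands without prompts, and checks the result. The `PFX_PASS` environment variable and the function names are assumptions made for this example.

```shell
#!/bin/sh
# Added example, not from the post. File names follow the post; the password
# is read from the PFX_PASS environment variable (an assumption made here).

make_sample_pfx() {  # make_sample_pfx DIR: constructed throwaway test PFX
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=example" \
        -keyout "$1/src.key" -out "$1/src.crt" 2>/dev/null &&
    openssl pkcs12 -export -inkey "$1/src.key" -in "$1/src.crt" \
        -out "$1/example.pfx" -passout env:PFX_PASS
}

extract_pfx() {  # extract_pfx DIR: the post's two commands, without prompts
    openssl pkcs12 -in "$1/example.pfx" -nocerts -out "$1/example.key" \
        -passin env:PFX_PASS -passout env:PFX_PASS 2>/dev/null &&
    openssl pkcs12 -in "$1/example.pfx" -clcerts -nokeys \
        -out "$1/example.crt" -passin env:PFX_PASS 2>/dev/null
}

verify_extract() {  # verify_extract KEY CRT: prints "ok" or returns 1
    grep -q 'ENCRYPTED' "$1" ||
        { echo "private key file is not encrypted" >&2; return 1; }
    key_pub=$(openssl pkey -in "$1" -passin env:PFX_PASS -pubout 2>/dev/null) ||
        { echo "cannot decrypt key with PFX_PASS" >&2; return 1; }
    crt_pub=$(openssl x509 -in "$2" -noout -pubkey 2>/dev/null) ||
        { echo "cannot parse certificate" >&2; return 1; }
    [ "$key_pub" = "$crt_pub" ] ||
        { echo "certificate does not belong to this key" >&2; return 1; }
    openssl x509 -in "$2" -noout -checkend 0 >/dev/null ||
        { echo "certificate has expired" >&2; return 1; }
    echo "ok"
}

demo() {  # build a sample PFX in a temp dir, extract it, verify the result
    dir=$(mktemp -d) || return 1
    PFX_PASS=123456; export PFX_PASS   # the post's example password
    make_sample_pfx "$dir" && extract_pfx "$dir" &&
        verify_extract "$dir/example.key" "$dir/example.crt"
    rc=$?
    rm -rf "$dir"
    return $rc
}

demo
```

Reading the password from the environment with `env:` keeps it out of the process list and shell history, unlike typing it as a `pass:` argument.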