![]() ![]() ![]() Ks.load(new FileInputStream ( "mykeystore" ), passw ) KeyStore ks = KeyStore.getInstance("JKS", "SUN") ( You may want to enable debugging as an VM option: =all ) char passw = "password".toCharArray() (optional) Test your certificates and private key from your new key store against your SSL server: (optional) Verify the content of your new key store: $ keytool -list -keystore mykeystore -storepass passwordĬn=.,ou=.,o=., Sep 2, 2014, trustedCertEntry,Ĭertificate fingerprint (SHA1): 2C:B8. Ks.store(new FileOutputStream ( "mykeystore" ),keypass.toCharArray()) Ks.setKeyEntry(defaultalias, ff, keypass.toCharArray(), chain ) ![]() String alias2 = ((X509Certificate) crt2).getSubjectX500Principal().getName() String alias1 = ((X509Certificate) crt1).getSubjectX500Principal().getName() Public static SSLServerSocketFactory createSSLFactory(File privateKeyPem, File certificatePem, String password) throws Exception The keystore is now complete and can be used for signing code or deploying on a Java based web server depending on the product you ordered.If you need an easy way to load PEM files in Java without having to deal with external tools (opensll, keytool), here is my code I use in production : import java.io.BufferedReader Keytool -import -trustcacerts -alias mydomain -file mydomain.crt -keystore KeyStore.jks The alias here must match the alias of the private key in the first command. Use the same alias as the private key so it associates them together. Download & import your new certificateĭownload your new certificate save it as mydomain.crt. Keytool -import -trustcacerts -alias intermediate -file intermediate.crt -keystore KeyStore.jksĥ. Keytool -import -trustcacerts -alias root -file root.crt -keystore KeyStore.jks Make sure you specify the correct alias of "root" and "intermediate" respectively. Import the root certificate first, followed by the intermediate. Import the root & intermediate certificates into your keystore. While the order processes, download the root & intermediate certificates for your order. You can identify the correct root & intermediate certificate based on hash algorithm and product type.Ĥ. You should now have a file called mydomain.csr which can be used to order or reissue a digital certificate from GlobalSign.ģ. Press Enter to use the same password as the keystore, alternatively specify a separate password and press enter. Keytool -certreq -alias mydomain -keystore KeyStore.jks -file mydomain.csrĪnswer each question when prompted. Use the chart below to guide you through the process:Ĭonfirm or reject the details by typing "Yes" or "No" and pressing Enter Generate a CSR based on the new keystore: Keytool -genkey -alias mydomain -keyalg RSA -keystore KeyStore.jks -keysize 2048Ģ. Pay close attention to the alias you specify in this command as it will be needed later on. Open a command prompt in the same directory as Java keytool alternatively, you may specify the full path of keytool in your command. Or, you can check the step by step guidelines below. You can watch the video below for a tutorial. This article covers the creation of a new Java keystore using Java keytool. ![]()
0 Comments
Leave a Reply. |