How to import .pfx certificate to use on client side java HTTPS POST code

(This should be some kind of FAQ, but I've been reading JSSERefGuide.html and searching the web and found no similar problems, so maybe it's just me not getting how to do it).

An internet company has given me a .pfx file with a certificate to use for client side SSL.

I wrote a simple Java client, like:

--
URL url = new URL("https://server/...");
URLConnection uc = url.openConnection();
uc.setDoOutput(true);
uc.setDoInput(true);
uc.setUseCaches(false);
PrintWriter ucout = new PrintWriter(uc.getOutputStream());
// etc... write to ucout, and then later read the input stream
--

The keytool does not recognize the .pfx file. It just says it's not an X509 certificate.

I've been trying to reconvert with openssl, like:

-
openssl pkcs12 -in CERTFILE.pfx -out CERTFILE.pem
openssl x509 -in CERTFILE.pem -out CERTFILE.x509
-

The CERTFILE.pem appears to contain a private key and a certificate.

Starting with an empty .keystore, I imported the certificate with the keytool, like:

-

jdk1.5.0_03/bin/keytool -import -v -trustcacerts -storepass 123456 -file 1266.x509

-

and I could see the certificate details Ok. I answered

Trust this certificate? [no]: yes

But when I try to run my java code like:

jdk1.5.0_03/bin/java -Djavax.net.debug=all -Djavax.net.ssl.keyStore=/home/jpsl/.keystore -Djavax.net.ssl.keyStorePassword=123456 MyPostClass

-

I get an application response from the server saying that the client certificate is not recognized.

If I get to look at the SSL debug trace, I see the following sequence:

--
*** ClientHello, TLSv1
...
*** ServerHello, TLSv1
...
*** Certificate chain
...
*** CertificateRequest
...
*** ServerHelloDone
...
*** ClientKeyExchange, RSA PreMasterSecret, TLSv1
...
*** Finished
-

Shouldn't my client answer the SSL handshake with a "Certificate verify"?

What am I doing wrong?

[2124 byte] By [jpluisa] at [2007-10-1 21:54:23]
# 1

Using GNU Wget and OpenSSL, I could verify that the certificate export in PEM format is fine.

The usage in wget is simple.

wget --no-check-certificate --debug --certificate=CERTFILE.pem --private-key=CERTFILE.pem --post-data="...blah..." https://server/...

(The --no-check-certificate is to avoid a self-signed certificate warning, as this is a test environment, and I may not have properly configured the CAs for OpenSSL yet).

How can I do the same in Java?

jpluisa at 2007-7-13 7:57:56
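
For reference, an added example (not part of the original post or of any reply to it): a .pfx file is a PKCS#12 store that Java can load directly as a "PKCS12" KeyStore, and a key store holding only a certificate imported with keytool -import has no private-key entry to answer the server's CertificateRequest with. The class name PfxClientPost, the PFX_PASSWORD environment variable and the key=value request body are assumptions made for illustration; the code uses try-with-resources, so it needs Java 7 or later.

```java
import java.io.FileInputStream;
import java.io.OutputStream;
import java.net.URL;
import java.security.KeyStore;
import java.util.Collections;
import javax.net.ssl.HttpsURLConnection;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLContext;

public class PfxClientPost {
    public static void main(String[] args) throws Exception {
        // Assumed inputs: args[0] = path to the .pfx, args[1] = target URL.
        // The password comes from the environment (hypothetical variable name)
        // so that it does not show up in the process listing.
        String pfxPath = args[0];
        URL url = new URL(args[1]);
        String pw = System.getenv("PFX_PASSWORD");
        if (pw == null) throw new IllegalStateException("PFX_PASSWORD is not set");
        char[] pfxPassword = pw.toCharArray();

        // Load the .pfx as a PKCS12 key store; no conversion to PEM is needed.
        KeyStore clientStore = KeyStore.getInstance("PKCS12");
        try (FileInputStream in = new FileInputStream(pfxPath)) {
            clientStore.load(in, pfxPassword);
        }
        // Client authentication needs a key entry (private key plus chain);
        // a trusted-certificate entry alone cannot sign the handshake.
        boolean hasKeyEntry = false;
        for (String alias : Collections.list(clientStore.aliases())) {
            if (clientStore.isKeyEntry(alias)) hasKeyEntry = true;
        }
        if (!hasKeyEntry) throw new IllegalStateException("no private key entry in " + pfxPath);

        KeyManagerFactory kmf = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
        kmf.init(clientStore, pfxPassword);

        // Passing null trust managers keeps the JRE's default server validation.
        SSLContext ctx = SSLContext.getInstance("TLS");
        ctx.init(kmf.getKeyManagers(), null, null);

        HttpsURLConnection uc = (HttpsURLConnection) url.openConnection();
        uc.setSSLSocketFactory(ctx.getSocketFactory());
        uc.setRequestMethod("POST");
        uc.setDoOutput(true);
        try (OutputStream out = uc.getOutputStream()) {
            out.write("key=value".getBytes("UTF-8")); // constructed sample body
        }
        System.out.println("HTTP " + uc.getResponseCode());
    }
}
```

With -Djavax.net.debug=all, a handshake that uses the key entry shows a client Certificate message and a CertificateVerify after the server's CertificateRequest.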