Importing an Existing certificate into Keystore

I am having trouble adding an existing certificate into a Keystore using the keytool. The certificate has been signed by a CA. I have both the .cer file and also the .pfx file. Does anyone know how I can add this certificate into my Keystore?

Everything I have read about adding certificates into the Keystore involves:

1) Use keytool to generate self-signed certificate with key

2) Send to CA for signing

3) Import the reply from CA into Keystore

This process does not work for me as I already have the signed certificate that I want to use. I cannot create a new certificate and then get it signed.

Does anyone have any ideas?

Regards

Alan

[693 byte] By [a.gibsona] at [2007-10-2 9:33:23]
# 1

You probably want to add more than just the certificate, you want to add the certificate plus the private key. Unfortunately, you cannot use keytool to do this. Keytool will only deal with private keys it has created.

You can write a Java program that takes advantage of the KeyStore class and API to do this.

ghstarka at 2007-7-16 23:39:42
# 2

I suspected that the keytool couldn't do what I wanted. Thanks for confirming it.

I have written a small Java program which loads a Certificate + Private key contained in a .pfx file into a Keystore. Hopefully someone else may find the source useful.

    import java.io.FileInputStream;
    import java.io.FileOutputStream;
    import java.io.InputStream;
    import java.io.OutputStream;
    import java.security.Key;
    import java.security.KeyStore;
    import java.security.cert.Certificate;
    import java.util.Enumeration;

    class AddCertToKeystore
    {
        public static void main(String[] args) throws Exception
        {
            // Load the pfx file containing Certificate + Private Key
            // (the JDK's default PKCS12 implementation is used, so no provider is registered by hand)
            KeyStore temp = KeyStore.getInstance("PKCS12");
            try (InputStream in = new FileInputStream("C:\\xml\\Alan.pfx"))
            {
                temp.load(in, "password".toCharArray());
            }

            // Create a new Keystore
            KeyStore keyStore = KeyStore.getInstance("JKS");
            keyStore.load(null, "password".toCharArray());

            // Find the alias name of the certificate from the pfx file
            Enumeration<String> aliasNames = temp.aliases();
            String alias = aliasNames.nextElement();

            // Get the certificate chain from .pfx
            Certificate[] c = temp.getCertificateChain(alias);
            Key key = temp.getKey(alias, "password".toCharArray());

            // Store the Private Key + Certificate Chain in the Keystore
            keyStore.setKeyEntry("Alan Key", key, "password".toCharArray(), c);

            // Create the Keystore (the stream is closed even if store() fails)
            try (OutputStream out = new FileOutputStream("C:\\xml\\alan.keystore"))
            {
                keyStore.store(out, "password".toCharArray());
            }
        }
    }

Alan

a.gibsona at 2007-7-16 23:39:42
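A check that can be run on a keystore produced by an import like the one in post #2, as an added example that is not part of the original thread: it confirms that each private key actually matches the public key in its leaf certificate by signing a probe and verifying it. The class name, the command-line arguments and the assumption that the key password equals the store password are illustrative; `Map.of` needs Java 9 or later.

```java
import java.io.FileInputStream;
import java.io.InputStream;
import java.nio.charset.StandardCharsets;
import java.security.KeyStore;
import java.security.PrivateKey;
import java.security.Signature;
import java.security.cert.X509Certificate;
import java.util.Collections;
import java.util.Map;

// Added example (hypothetical class). Usage: java VerifyKeystoreEntries <file> <JKS|PKCS12> <password>
class VerifyKeystoreEntries {
    // Signature algorithm per key type; key types not listed here are reported, not checked.
    static final Map<String, String> SIG_ALG = Map.of(
            "RSA", "SHA256withRSA", "EC", "SHA256withECDSA", "DSA", "SHA256withDSA");

    public static void main(String[] args) throws Exception {
        char[] password = args[2].toCharArray();
        KeyStore ks = KeyStore.getInstance(args[1]);
        try (InputStream in = new FileInputStream(args[0])) {
            ks.load(in, password);
        }
        byte[] probe = "keystore-import-check".getBytes(StandardCharsets.UTF_8);
        for (String alias : Collections.list(ks.aliases())) {
            if (!ks.entryInstanceOf(alias, KeyStore.PrivateKeyEntry.class)) {
                System.out.println(alias + ": no private key in this entry");
                continue;
            }
            // Assumption: the key password equals the store password, as in the program above.
            PrivateKey key = (PrivateKey) ks.getKey(alias, password);
            X509Certificate leaf = (X509Certificate) ks.getCertificateChain(alias)[0];
            String alg = SIG_ALG.get(key.getAlgorithm());
            if (alg == null) {
                System.out.println(alias + ": key type " + key.getAlgorithm() + " not checked");
                continue;
            }
            // Sign a probe with the private key, then verify it with the certificate's public key.
            Signature signer = Signature.getInstance(alg);
            signer.initSign(key);
            signer.update(probe);
            Signature verifier = Signature.getInstance(alg);
            verifier.initVerify(leaf.getPublicKey());
            verifier.update(probe);
            System.out.println(alias + ": chain length " + ks.getCertificateChain(alias).length
                    + ", subject " + leaf.getSubjectX500Principal().getName()
                    + ", expires " + leaf.getNotAfter()
                    + ", key matches certificate: " + verifier.verify(signer.sign()));
        }
    }
}
```

A chain length of 1 for a CA-signed certificate means the .pfx did not carry the issuing CA certificates, so a TLS peer that lacks the intermediates will not be able to build the path.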