Hi, I just released commons-ssl-0.3.1.
http://juliusdavies.ca/commons-ssl/

I have yet to document this correctly, but it now supports OpenSSL and
PKCS8 style private keys. In other words, people can follow the
excellent instructions from Apache httpd's SSL FAQ!

http://httpd.apache.org/docs/2.2/ssl/ssl_faq.html#selfcert

=======================================================
How do I create a self-signed SSL Certificate for testing purposes?

1. Make sure OpenSSL is installed and in your PATH.

2. Run the following command, to create server.key and server.crt files:

   $ openssl req -new -x509 -nodes -out server.crt -keyout server.key

   These can be used as follows in your httpd.conf file:

   SSLCertificateFile    /path/to/this/server.crt
   SSLCertificateKeyFile /path/to/this/server.key

3. It is important that you are aware that this server.key does not
   have any passphrase. To add a passphrase to the key, you should run
   the following command, and enter & verify the passphrase as requested.

   $ openssl rsa -des3 -in server.key -out server.key.new
   $ mv server.key.new server.key
=======================================================

I always found it really confusing how provisioning certificates for
Java was so different compared to Apache/OpenSSL. Supporting the
OpenSSL way has been a goal of mine for a long time.

Here's the way the code looks when doing things this way:

=======================================================
String pathToCertChain = "/path/to/this/server.crt";
String pathToKey = "/path/to/this/server.key";
char[] pwd = "password".toCharArray();

KeyMaterial km = new KeyMaterial( pathToCertChain, pathToKey, pwd );

// Doesn't matter what order the Strings are in.  This also works:
// km = new KeyMaterial( pathToKey, pathToCertChain, pwd );

SSLServer server = new SSLServer();
server.setKeyMaterial( km );
SSLServerSocket ss = (SSLServerSocket) server.createServerSocket( 7443 );
SSLSocket socket = (SSLSocket) ss.accept();
=======================================================

To support PKCS8 and OpenSSL style keys, I needed ASN.1 parsing. I
stole the ASN.1 parsing code from the "directory.apache.org" project.
I made a few minor changes, as well: added a few constructors, and
removed any code that wasn't Java 1.3 compatible.

Since I now have ASN.1 parsing, I have removed any dependencies on
BouncyCastle. (That's all I was using BouncyCastle for).

Enjoy! And check out all the PKCS8 keys it supports! (I love running
these tests - so fun!)

java -cp commons-ssl-0.3.1.jar org.apache.commons.ssl.PKCS8Key samples/rsa/*.*
java -cp commons-ssl-0.3.1.jar org.apache.commons.ssl.PKCS8Key samples/dsa/*.*

http://juliusdavies.ca/commons-ssl/samples/rsa_result.html
http://juliusdavies.ca/commons-ssl/samples/dsa_result.html

yours,

--
Julius Davies
Senior Application Developer, Technology Services
Credit Union Central of British Columbia
http://www.cucbc.com/
Tel: 416-652-0183
Cel: 647-232-7571

1441 Creekside Drive
Vancouver, BC
Canada
V6J 4S7
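The message above says ASN.1 parsing was needed to read both PKCS8 and OpenSSL style keys. The following is an added example, not code from commons-ssl or from the original post: it walks the DER of a PKCS#8 RSA key by hand, extracts the PKCS#1 `RSAPrivateKey` structure inside it (the body of a traditional OpenSSL "RSA PRIVATE KEY" file), and rebuilds the key from its nine integers. The class name `Pkcs8Unwrap` and the helper names are hypothetical, and the sample key is generated at run time.

```java
import java.math.BigInteger;
import java.security.*;
import java.security.interfaces.RSAPrivateCrtKey;
import java.security.spec.RSAPrivateCrtKeySpec;
import java.util.Arrays;

public class Pkcs8Unwrap { // hypothetical name, for illustration only
    // Read one DER TLV at off, require the given tag; returns {contentStart, contentLength}.
    static int[] tlv(byte[] d, int off, int tag) {
        if ((d[off] & 0xff) != tag) throw new IllegalArgumentException("unexpected tag at " + off);
        int len = d[off + 1] & 0xff, p = off + 2;
        if (len >= 0x80) {                       // long form: low 7 bits = count of length bytes
            int n = len & 0x7f;
            if (n == 0 || n > 3) throw new IllegalArgumentException("unsupported length");
            for (len = 0; n > 0; n--) len = (len << 8) | (d[p++] & 0xff);
        }
        if (p + len > d.length) throw new IllegalArgumentException("truncated DER");
        return new int[] { p, len };
    }

    // PKCS#8 PrivateKeyInfo ::= SEQUENCE { version INTEGER, algorithm SEQUENCE, privateKey OCTET STRING }
    static byte[] unwrapPkcs8(byte[] der) {
        int[] seq = tlv(der, 0, 0x30);
        int[] ver = tlv(der, seq[0], 0x02);
        int[] alg = tlv(der, ver[0] + ver[1], 0x30);
        int[] key = tlv(der, alg[0] + alg[1], 0x04);
        return Arrays.copyOfRange(der, key[0], key[0] + key[1]);
    }

    // PKCS#1 RSAPrivateKey ::= SEQUENCE { version, n, e, d, p, q, dP, dQ, qInv } (all INTEGER)
    static RSAPrivateCrtKeySpec parsePkcs1(byte[] der) {
        BigInteger[] v = new BigInteger[9];
        int off = tlv(der, 0, 0x30)[0];
        for (int i = 0; i < 9; i++) {
            int[] t = tlv(der, off, 0x02);
            v[i] = new BigInteger(Arrays.copyOfRange(der, t[0], t[0] + t[1]));
            off = t[0] + t[1];
        }
        return new RSAPrivateCrtKeySpec(v[1], v[2], v[3], v[4], v[5], v[6], v[7], v[8]);
    }

    public static void main(String[] args) throws Exception {
        KeyPairGenerator gen = KeyPairGenerator.getInstance("RSA");
        gen.initialize(2048);
        RSAPrivateCrtKey original = (RSAPrivateCrtKey) gen.generateKeyPair().getPrivate(); // constructed sample key
        byte[] pkcs1 = unwrapPkcs8(original.getEncoded());  // the JDK encodes private keys as PKCS#8 DER
        RSAPrivateCrtKey rebuilt = (RSAPrivateCrtKey) KeyFactory.getInstance("RSA").generatePrivate(parsePkcs1(pkcs1));
        System.out.println("same key: " + (rebuilt.getModulus().equals(original.getModulus())
                && rebuilt.getPrivateExponent().equals(original.getPrivateExponent())));
    }
}
```

The JDK's `PKCS8EncodedKeySpec` accepts only the outer, unencrypted PKCS#8 form; the inner PKCS#1 structure needs a DER walk like this one.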
