Re: .pem certificate loading issue
not-yet-commons-ssl-0.3.11.jar can accomplish what you are trying to do. Details here: http://juliusdavies.ca/commons-ssl/utilities.html#ksb java -cp not-yet-commons-ssl-0.3.11.jar org.apache.commons.ssl.KeyStoreBuilder KeyStoreBuilder converts PKCS12 and PKCS8 to Java Keystore KeyStoreBuilder: creates '[alias].jks' (Java Key Store) -topk8 mode: creates '[alias].pem' (x509 chain + unencrypted pkcs8) [alias] will be set to the first CN value of the X509 certificate. --- Usage1: [password] [file:pkcs12] Usage2: [password] [file:private-key] [file:certificate-chain] Usage3: -topk8 [password] [file:jks] --- [private-key] can be openssl format, or pkcs8. [password] decrypts [private-key], and also encrypts outputted JKS file. All files can be PEM or DER. You can download it here: http://juliusdavies.ca/commons-ssl/download.html On Thu, Aug 27, 2009 at 4:37 AM, Mohan Radhakrishnan radhakrishnan.mo...@gmail.com wrote: Not it does not look like I need OpenSSL. The following Java command could import the entire chain. keytool -import -alias visaftpsflux -file visacertificateedited.cer -trustcacerts -keystore FSSNABMAPSVISA.jks -storepass password Further testing is required. Mohan On Thu, Aug 27, 2009 at 4:24 PM, Mohan Radhakrishnanradhakrishnan.mo...@gmail.com wrote: What is the link between the existing key's alias and the alias used while importing the CA-root and sub-root certificates ? The CA-root and sub-root certificates have been imported with new aliases. The old alias throws an error. Thanks, Mohan On Thu, Aug 27, 2009 at 2:35 PM, Mohan Radhakrishnanradhakrishnan.mo...@gmail.com wrote: I have an ASCII text file with a chain of certificates. I had earlier sent a CSR and got these certificates back from the CA. When I opened the ASCII file I see some text before and after ---BEGIN CERTIFICATE-- and --END CERTIFICATE-- I removed this test because they were file names like CASubroot.pem.txt, CArootpem.txt etc. I tried to use openssl to convert these .pem certificates to .der. It didn't work. I am sure I am doing something wrong. How do I load these certificates into the Java KeyStore ? Since these are certificates signing my CSR I am going to load them back to the Java KeyStore( Not the TrustStore ). Can anyone throw some light on this procedure ? Thanks, Mohan __ OpenSSL Project http://www.openssl.org User Support Mailing List openssl-us...@openssl.org Automated List Manager majord...@openssl.org -- yours, Julius Davies 250-592-2284 (Home) 250-893-4579 (Mobile) http://juliusdavies.ca/logging.html __ OpenSSL Project http://www.openssl.org User Support Mailing Listopenssl-users@openssl.org Automated List Manager majord...@openssl.org
.pem certificate loading issue
I have an ASCII text file with a chain of certificates. I had earlier sent a CSR and got these certificates back from the CA. When I opened the ASCII file I see some text before and after ---BEGIN CERTIFICATE-- and --END CERTIFICATE-- I removed this test because they were file names like CASubroot.pem.txt, CArootpem.txt etc. I tried to use openssl to convert these .pem certificates to .der. It didn't work. I am sure I am doing something wrong. How do I load these certificates into the Java KeyStore ? Since these are certificates signing my CSR I am going to load them back to the Java KeyStore( Not the TrustStore ). Can anyone throw some light on this procedure ? Thanks, Mohan __ OpenSSL Project http://www.openssl.org User Support Mailing Listopenssl-users@openssl.org Automated List Manager majord...@openssl.org
Re: .pem certificate loading issue
What is the link between the existing key's alias and the alias used while importing the CA-root and sub-root certificates ? The CA-root and sub-root certificates have been imported with new aliases. The old alias throws an error. Thanks, Mohan On Thu, Aug 27, 2009 at 2:35 PM, Mohan Radhakrishnanradhakrishnan.mo...@gmail.com wrote: I have an ASCII text file with a chain of certificates. I had earlier sent a CSR and got these certificates back from the CA. When I opened the ASCII file I see some text before and after ---BEGIN CERTIFICATE-- and --END CERTIFICATE-- I removed this test because they were file names like CASubroot.pem.txt, CArootpem.txt etc. I tried to use openssl to convert these .pem certificates to .der. It didn't work. I am sure I am doing something wrong. How do I load these certificates into the Java KeyStore ? Since these are certificates signing my CSR I am going to load them back to the Java KeyStore( Not the TrustStore ). Can anyone throw some light on this procedure ? Thanks, Mohan __ OpenSSL Project http://www.openssl.org User Support Mailing Listopenssl-users@openssl.org Automated List Manager majord...@openssl.org
Re: .pem certificate loading issue
Not it does not look like I need OpenSSL. The following Java command could import the entire chain. keytool -import -alias visaftpsflux -file visacertificateedited.cer -trustcacerts -keystore FSSNABMAPSVISA.jks -storepass password Further testing is required. Mohan On Thu, Aug 27, 2009 at 4:24 PM, Mohan Radhakrishnanradhakrishnan.mo...@gmail.com wrote: What is the link between the existing key's alias and the alias used while importing the CA-root and sub-root certificates ? The CA-root and sub-root certificates have been imported with new aliases. The old alias throws an error. Thanks, Mohan On Thu, Aug 27, 2009 at 2:35 PM, Mohan Radhakrishnanradhakrishnan.mo...@gmail.com wrote: I have an ASCII text file with a chain of certificates. I had earlier sent a CSR and got these certificates back from the CA. When I opened the ASCII file I see some text before and after ---BEGIN CERTIFICATE-- and --END CERTIFICATE-- I removed this test because they were file names like CASubroot.pem.txt, CArootpem.txt etc. I tried to use openssl to convert these .pem certificates to .der. It didn't work. I am sure I am doing something wrong. How do I load these certificates into the Java KeyStore ? Since these are certificates signing my CSR I am going to load them back to the Java KeyStore( Not the TrustStore ). Can anyone throw some light on this procedure ? Thanks, Mohan __ OpenSSL Project http://www.openssl.org User Support Mailing Listopenssl-users@openssl.org Automated List Manager majord...@openssl.org