
I have a client.pem file with a password "password". I have used this in an stunnel to connect to a webservice.

Now instead I wish to use Java's keyStore and trustStore. How do I translate this working .pem file into a working keyStore?

I tried this: Import PEM into Java Key Store

to add it to the cacerts file, thinking I can use this for the truststore.

I read somewhere that the cacerts file is in fact a jks file?

So shouldn't I be able to do it like this:

    -Djavax.net.ssl.keyStore="C:\cacerts"
    -Djavax.net.ssl.keyStoreType="JKS"
    -Djavax.net.ssl.keyStorePassword="changeit"
    -Djavax.net.ssl.trustStore="C:\cacerts"
    -Djavax.net.ssl.trustStorePassword="changeit"

This did not work. And I guess it shouldn't, since the original password for the client.pem is not used anywhere. But how do I do this? Should the truststore file be ok? If so, how do I create a Keystore?

Thanks for any help.

Johannes
  • Did you perform the DER format conversion as suggested in the answer? Did you try the suggested [link](http://www.agentbob.info/agentbob/79-AB.html) in comments? The ImportKey program seems to ask for the password. – superbob May 04 '15 at 14:39
  • Hey, the import asked for the cacert file's default password, "changeit" – Johannes May 04 '15 at 15:02
  • No I did not use that link but I'm not sure I understand it. They have a private key and a certificate both of pem format. I have one client.pem and the password for it is just a normal string. How can the password be a file too? – Johannes May 04 '15 at 15:23
  • I found this http://stackoverflow.com/questions/25352081/ca-pem-file-to-jks-tomcat-truststore and managed to create a jks from the pem file. What bothers me is that it never asks for the original password of the pem-file. It only asks me to choose a new password for the jks. Clearly there is something I am just not getting here. – Johannes May 04 '15 at 15:39
  • What happens if you try to open the pem with an [external tool](http://fileinfo.com/extension/pem), does it ask for the password? Does the created jks file "work"? – superbob May 05 '15 at 07:49
  • I don't know, how can I tell if the jks works? – Johannes May 05 '15 at 10:18
  • And yes, I can view the pem file as text in File viewer lite without using the password. Does this mean there is no password connected to the pem file? – Johannes May 05 '15 at 10:36
  • Isn't it what your program should do? (Use the jks file to connect) So if your program works, it works. Opening the pem with a text editor doesn't prove anything, you should try to "decode" its content with a dedicated program such as Apple Keychain for OS X or GNOME keyring for Linux/GNOME – superbob May 05 '15 at 11:19
  • OK, I have not managed to get the program to work by using the jks, or the java parameters in general. I have only managed to get it to work with an stunnel which uses a pemfile, but now I would like not to have to use the stunnel and use the keystore parameters instead. But I just can't figure out how. – Johannes May 05 '15 at 11:40
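
The thread above turns on why a certificate import never asks for the PEM passphrase and how to get a usable keystore out of client.pem. As an added example (not part of the original post or its comments), this script builds a constructed client.pem, lists what it contains, and converts it to a PKCS12 keystore with openssl. The function names, the alias `client`, the file names and the passwords are assumptions chosen for the demo.

```shell
#!/bin/sh
# Added example: the key, certificate and passwords are constructed for the demo.
# pass: puts secrets on the command line; outside a demo use env: or file: instead.
set -eu

# Build a throwaway client.pem: encrypted private key followed by its certificate.
make_constructed_pem() {  # $1 = output PEM, $2 = PEM passphrase
    dir=$(dirname "$1")
    openssl req -x509 -newkey rsa:2048 -days 1 -subj "/CN=constructed-client" \
        -keyout "$dir/key.pem" -out "$dir/cert.pem" -passout "pass:$2" 2>/dev/null
    cat "$dir/key.pem" "$dir/cert.pem" > "$1"
    rm -f "$dir/key.pem" "$dir/cert.pem"
}

# List the blocks in a PEM. The file is always readable as text; the passphrase
# only protects the key bytes inside an ENCRYPTED block, never the certificate.
pem_summary() {  # $1 = PEM path
    grep -e '-----BEGIN ' "$1" | sed -e 's/-----BEGIN //' -e 's/-----$//' | paste -sd, -
}

# Convert key + certificate into a PKCS12 keystore that Java can load.
# The PEM passphrase is required here because the private key is decrypted
# and re-encrypted under the new keystore password.
pem_to_p12() {  # $1 = PEM, $2 = PEM passphrase, $3 = output .p12, $4 = keystore password
    openssl pkcs12 -export -in "$1" -inkey "$1" -passin "pass:$2" \
        -name client -out "$3" -passout "pass:$4"
}

# True when the keystore holds a private key (a certificate-only import does not).
p12_has_key() {  # $1 = .p12, $2 = keystore password
    openssl pkcs12 -in "$1" -passin "pass:$2" -nocerts -nodes 2>/dev/null \
        | grep -q 'PRIVATE KEY'
}

demo() {
    work=$(mktemp -d)
    make_constructed_pem "$work/client.pem" password
    echo "client.pem contains: $(pem_summary "$work/client.pem")"
    pem_to_p12 "$work/client.pem" password "$work/client.p12" changeit
    p12_has_key "$work/client.p12" changeit && echo "client.p12 holds the private key"
    rm -rf "$work"
}
demo
# The keystore properties then point at the new file, for example:
#   -Djavax.net.ssl.keyStore=client.p12 -Djavax.net.ssl.keyStoreType=PKCS12
#   -Djavax.net.ssl.keyStorePassword=changeit
# The truststore needs only the certificate of the CA that signed the server; no key goes there.
```
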

0 Answers