Following Let's Encrypt's instructions on how to create a local certificate for testing purposes, I've made it to have a certificate.crt and certificate.key files. Now, how do I use them with a SSLServerSocket?
The only way I've used a SSLServerSocket before was with a keystore generated from keytool, and I did some research and didn't find any specific way to use the certificates generated by openssl with SSLServerSocket.
Asked
Active
Viewed 255 times
1
Washington A. Ramos
- 874
- 1
- 8
- 25
-
2Import them into a PKCS#12 keystore using the OpenSSL tool. – user207421 May 20 '18 at 01:33
1 Answers
1
SUGGESTION:
Look at this link: How to import an existing x509 certificate and private key in Java keystore to use in SSL?
Convert the existing cert to a PKCS12 using OpenSSL. A password is required when asked or the 2nd step will complain.
openssl pkcs12 -export -in [my_certificate.crt] -inkey [my_key.key] -out [keystore.p12] -name [new_alias] -CAfile [my_ca_bundle.crt] -caname rootConvert the PKCS12 to a Java Keystore File.
keytool -importkeystore -deststorepass [new_keystore_pass] -destkeypass [new_key_pass] -destkeystore [keystore.jks] -srckeystore [keystore.p12] -srcstoretype PKCS12 -srcstorepass [pass_used_in_p12_keystore] -alias [alias_used_in_p12_keystore]
paulsm4
- 114,292
- 17
- 138
- 190
-
So in the end I will still need a Java Keystore File? Those can be directly generate with keytool – Washington A. Ramos May 20 '18 at 02:07
-
1@WashingtonA.Ramos Yes they can, and that's what you should have done to start with, instead of this detour through OpenSSL. See the JSSE Reference Guide. – user207421 May 20 '18 at 02:29
-
Thank you. I'll stick with the implementation that uses the keytool-generated certificate, then. – Washington A. Ramos May 20 '18 at 02:32