All geek questions in one place

Upload SSL certificate certificate to Netty engine

I use the SSL example located in the Netty example code folder:

String keyStoreFilePath = System.getProperty("keystore.file.path"); String keyStoreFilePassword = System.getProperty("keystore.file.password"); KeyStore ks = KeyStore.getInstance("JKS"); FileInputStream fin = new FileInputStream(keyStoreFilePath); ks.load(fin, keyStoreFilePassword.toCharArray()); // Set up key manager factory to use our key store // Assume key password is the same as the key store file // password KeyManagerFactory kmf = KeyManagerFactory.getInstance(algorithm); kmf.init(ks, keyStoreFilePassword.toCharArray());

I created my own keystore using:

/usr/java/jdk1.6.0_25/bin/keytool -genkey -keystore SrvKeystore -keyalg RSA

And everything works fine !!

However, now I want to use the official certificate provided to me by comodo ( https://secure.comodo.com/ )

They obviously provide 3 types of files: .csr, .crt and .key

Please advise which file should point to keystore.file.path and keystore.file.password

Maybe I need to do something else?

+4
source share
3 answers

The solution is provided in this link.

+2
source

Comodo provides you with a certificate and private key in a format that is most friendly to web servers (e.g. Apache and nginx).

There are two ways to solve this problem:

(1) Import the certificate chain (.crt) and private key (.key) into the jks or pkcs 12 key store (using keytool or openssl).

(2) Use the java CertificateFactory to read the certificate and the bouncycastle PEMReader to read the private key, and then wrap this in your own key manager (which you can pass to SSLContext).

+5
source

The basic information required to import a certified CA certificate is available here http://docs.oracle.com/javase/1.5.0/docs/tooldocs/solaris/keytool.html

Certificate Import

To import a certificate from a file, use the -import command, as in

 keytool -import -alias joe -file jcertfile.cer

This sample command imports the certificate into the jcertfile.cer file and stores it in a keystore record identified by the alias joe.

You import a certificate for two reasons:

  • to add it to the list of trusted certificates,
  • or to import a certificate response received from a CA as a result of sending a certificate signing request (see -certreq command) to that CA.
0
source

Source: https://habr.com/ru/post/1391451/

More articles:


All Articles