Here's how you can use SSL certs with Java apps and vice versa.
Generally, we use OpenSSL to generate a private key, then generate CSRs:
http://rimuhosting.com/howto/modssl.jsp
For Java apps, the private key has to be stored in a "keystore" which needs to be created with the keytool command:
http://tomcat.apache.org/tomcat-5.5-doc/ssl-howto.html
Importing the private key into the keystore is non-trivial, as far as I know, as is exporting a private key from a keystore. So I suggest the following procedure: generate the private key with keytool, then export it so it can also be used with Apache (and the same SSL cert). Here's the procedure I got to work with this:
As root:
$JAVA_HOME/bin/keytool -genkey -alias tomcat -keyalg RSA
This will create /root/.keystore. Write down the password you used.
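// Save this file as DumpPrivateKey.java
import java.io.FileInputStream;
import java.security.Key;
import java.security.KeyStore;

public class DumpPrivateKey {
    public static void main(String[] args) {
        // Open the keystore created by keytool; the stream is closed automatically.
        try (FileInputStream in = new FileInputStream("/root/.keystore")) {
            KeyStore ks = KeyStore.getInstance("jks");
            // Keystore password
            ks.load(in, "password".toCharArray());
            // Fetch the private key stored under the "tomcat" alias (key password)
            Key key = ks.getKey("tomcat",
                    "password".toCharArray());
            // Write the binary (PKCS#8) encoding of the key to stdout
            System.out.write(key.getEncoded());
            System.out.flush();
        } catch (Exception e) {
            e.printStackTrace();
        }
    }
}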
Change the password in that file appropriately.
javac DumpPrivateKey.java
Then create this bash script:
# cat dump_private_key.sh
#!/bin/sh
ALIAS=tomcat
PKEY_8=privatekey.pkcs8
PKEY_64=privatekey.b64
CERT_64=certificate.b64
CERT_12=certificate.p12
# Export the certificate for the alias in printable (RFC) form
keytool -alias "${ALIAS}" -export -rfc >"${CERT_64}"
# Dump the private key in binary PKCS#8 form
java -classpath . DumpPrivateKey >"${PKEY_8}"
# Base64-encode the key and wrap it in PEM header and footer lines
(echo "-----BEGIN PRIVATE KEY-----";
 openssl enc -in "${PKEY_8}" -a;
 echo "-----END PRIVATE KEY-----") >"${PKEY_64}"
# Bundle the key and the certificate into a PKCS#12 file
openssl pkcs12 -inkey "${PKEY_64}" -in "${CERT_64}" -out "${CERT_12}" -export
#rm ${PKEY_8} ${PKEY_64} ${CERT_64}
echo "${CERT_12}"

Then privatekey.b64 will have the private key you want.
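A check to run on the script's output before copying the key to Apache, as an added example that is not part of the original how-to: it confirms that privatekey.b64 and certificate.b64 carry the same public key and that the unencrypted key file grants nothing to group or others. The function names are hypothetical; the default file names are the ones the script above writes.

```sh
#!/bin/sh
# Added example (not from the original how-to); function names are hypothetical.
# Sanity checks for the files written by dump_private_key.sh.

# Return 0 when the private key ($1) and the certificate ($2), both PEM,
# carry the same public key.
key_matches_cert() {
    key_pub=$(openssl pkey -in "$1" -pubout 2>/dev/null) || return 2
    cert_pub=$(openssl x509 -in "$2" -noout -pubkey 2>/dev/null) || return 2
    [ -n "$key_pub" ] && [ "$key_pub" = "$cert_pub" ]
}

# Return 0 when the file ($1) grants no permissions to group or others.
# Columns 5-10 of the `ls -l` mode string are the group and other bits.
key_is_private() {
    mode=$(ls -ld "$1" 2>/dev/null | cut -c5-10)
    [ "$mode" = "------" ]
}

# Run both checks; defaults are the file names used by the export script.
verify_export() {
    key_file=${1:-privatekey.b64}
    cert_file=${2:-certificate.b64}
    status=0
    if key_matches_cert "$key_file" "$cert_file"; then
        echo "OK: $key_file matches $cert_file"
    else
        echo "FAIL: $key_file does not match $cert_file" >&2
        status=1
    fi
    if key_is_private "$key_file"; then
        echo "OK: $key_file grants no access to group or others"
    else
        echo "WARN: $key_file is accessible to group or others (chmod 600)" >&2
        status=1
    fi
    return "$status"
}

# Run the checks only when file names are given on the command line.
if [ "$#" -gt 0 ]; then
    verify_export "$@"
fi
```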
Links:
http://forum.java.sun.com/thread.jspa?threadID=154587&start=0&tstart=0
http://tjworld.net/software/codesigning/index.html
http://www.theserverside.com/discussions/thread.tss?thread_id=22243
http://i-proving.ca/space/Technologies/JBoss/Configuring+JBoss+SSL