Wednesday, 9 October 2013

CSR creation, CA certiifcate import, SSL Certificate Import


Steps to Create SSL Certificate:

1. We need to generate the keystore using
keytool -genkey -alias mydomain -keyalg RSA -keystore keystore.jks -keysize 2048

2. Generate the CSR out of this keystore and also export privatekey from the same.
keytool -certreq -alias mydomain -keystore keystore.jks -file mydomain.csr


3. Get the .crt file from Well known CA like VeriSign, Thawte,GoDaddy..etc.
4. Using CA.crt and privatekey from original keystore , we have to generate .pfx or .p12 file using ,
openssl pkcs12 -export -out cert-and-key.p12 -inkey privateKey.key -in CAcertificate.crt

5. Convert your existing CA certificate and private key into a PKCS12 file, and then use the keytool functionality to merge one keystore with another one. Java 6 can treat a PKCS12 file as a keystore, so putting this together, you get this:
keytool -importkeystore -deststorepass changeit -destkeypass changeit -destkeystore final-keystore.jks -srckeystore cert-and-key.p12 -srcstoretype PKCS12 -srcstorepass cert-and-key-password -alias 1
   The alias of 1 is required to choose the certificate in the source PKCS12 file, keytool isn't clever enough to figure out which certificate you want in a store containing one certificate.
 
6.   final-keystore.jks is the final keystore we have to keep in classpath to work.
 

Reference:
http://cunning.sharp.fm/2008/06/importing_private_keys_into_a.html
https://www.sslshopper.com/article-most-common-java-keytool-keystore-commands.html

No comments:

Post a Comment

Please comment here