Working with SSL

From Opentaps Wiki
Revision as of 00:04, 24 April 2009 by Sichen (talk | contribs)
Jump to navigationJump to search

Generating a Self Signed JKS Key

$ keytool -genkey -alias opentaps -keyalg RSA -keystore framework/base/config/opentaps.jks
Enter keystore password:  opentaps
What is your first and last name?
  [Unknown]:  localhost
What is the name of your organizational unit?
  [Unknown]:  Si Chen
What is the name of your organization?
  [Unknown]:  Open Source Strategies, Inc.
What is the name of your City or Locality?
  [Unknown]:  Los Angeles
What is the name of your State or Province?
  [Unknown]:  CA
What is the two-letter country code for this unit?
  [Unknown]:  US
Is CN=localhost, OU=Si Chen, O="Open Source Strategies, Inc.", L=Los Angeles, ST=CA, C=US correct?
  [no]:  yes

Enter key password for <opentaps>
        (RETURN if same as keystore password):  opentaps

Converting PEM to JKS Private Key

  • key.pem is the private SSL key
  • cert.pem is the certificate for the SSL key
$ openssl pkcs8 -topk8 -nocrypt -in key.pem -inform PEM -out key.der -outform DER

$ openssl x509 -in cert.pem -inform PEM -out cert.der -outform DER

$ javac ImportKey.java

$ java ImportKey key.der cert.der
Using keystore-file : /home/user/keystore.ImportKey
One certificate, no chain.
Key and certificate stored.
Alias:importkey  Password:importkey

$ keytool -keystore keystore.ImportKey -storepass
Enter keystore password:
New keystore password:
Re-enter new keystore password:

ImportKey.java can be obtained from agentbob.info

Retrieved from "https://docs.opentaps.org/docs/index.php?title=Working_with_SSL&oldid=3881"