Converting cacerts to PKCS12

Chris Gray - 06 Jul 2004 18:26 GMT
I'm trying to work out how I can get my root certs into a format readable by
the BouncyCastle provider, and that seems to mean PKCS12. I have tried
exporting certs in base64 and feeding them into openssl, but openssl seems
to need the private key in order to generate PKCS12. Does anyone know an
easy way (or even a difficult way) to translate from JKS to PKCS12, instead
of the other way around? Or where I can find a set of root certs already in
PKCS12 format?

Signature

Chris Gray      chris@kiffer.eunet.be
/k/ Embedded Java Solutions

Michel Gallant - 06 Jul 2004 22:57 GMT
See the sample under "3rd Party Solutions" section at:
  http://www.jensign.com/JavaScience/Thawte

- Mitch Gallant
  JavaScience Consulting

> I'm trying to work out how I can get my root certs into a format readable by
> the BouncyCastle provider, and that seems to mean PKCS12. I have tried
[quoted text clipped - 3 lines]
> of the other way around? Or where I can find a set of root certs already in
> PKCS12 format?

Chris Gray - 07 Jul 2004 12:20 GMT
> See the sample under "3rd Party Solutions" section at:
>    http://www.jensign.com/JavaScience/Thawte
>
> - Mitch Gallant
>    JavaScience Consulting

Michel,

Thanks. The BCMain class looked promising, so I downloaded and tried to
modify it to generate a PKCS12 file containing a trusted certificate
instead of a private key - essentially I just changed setKeyEntry to
setCertificateEntry and deleted all the references to private key info. This
results in a file which openssl recognises as a "certificate bag", but
specifying this as the truststore for JSSE does not result in joy: I get a
"javax.net.ssl.SSLException: untrusted server cert chain".

The certificate I want JSSE to recognise is signed by RSA Security, Inc. Is
there a way to see with what root certificate it was signed? The cacerts
file in my jre installation only lists one cert with that company and OU
(namely the one with alias "verisignserverca"), so I've used that one in my
experiments.

Chris

>> I'm trying to work out how I can get my root certs into a format readable
>> by the BouncyCastle provider, and that seems to mean PKCS12. I have tried
[quoted text clipped - 7 lines]
>> Chris Gray      chris@kiffer.eunet.be
>> /k/ Embedded Java Solutions

Signature

Chris Gray      chris@kiffer.eunet.be
/k/ Embedded Java Solutions

Chris Gray - 07 Jul 2004 13:24 GMT
>> See the sample under "3rd Party Solutions" section at:
>>    http://www.jensign.com/JavaScience/Thawte
[quoted text clipped - 11 lines]
> but specifying this as the truststore for JSSE does not result in joy: I
> get a "javax.net.ssl.SSLException: untrusted server cert chain".

OK, I've got a bit further: I gave my PKCS12 file the password "insecure",
and stuck that in the system.properties file. Now the server certificate is
getting recognised, and I fail at the subsequent handshake: bad_record_mac.
But that is subject matter for a new thread ...

Thanks

Chris

Signature

Chris Gray      chris@kiffer.eunet.be
/k/ Embedded Java Solutions
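
An added example, not written by anyone in this thread and not the BCMain sample it mentions: a Java program that copies only the trusted-certificate entries of a JKS trust store into a PKCS12 file with `setCertificateEntry`, and prints each entry's issuer so a server certificate's issuer can be matched to a root. It assumes Java 9 or later, the JDK's default PKCS12 provider rather than BouncyCastle, the stock `cacerts` location and its default password `changeit`, and a placeholder output name and password.

```java
import java.io.*;
import java.security.KeyStore;
import java.security.cert.Certificate;
import java.security.cert.X509Certificate;
import java.util.Collections;

// Added example: JKS trust store -> PKCS12 file holding certificate entries only.
public class CacertsToPkcs12 {
    public static void main(String[] args) throws Exception {
        // Assumptions: stock JRE trust store path and its default password "changeit".
        File src = new File(args.length > 0 ? args[0]
                : System.getProperty("java.home") + "/lib/security/cacerts");
        char[] srcPass = (args.length > 1 ? args[1] : "changeit").toCharArray();
        // Placeholder output file and password; pass your own as arguments 3 and 4.
        File dst = new File(args.length > 2 ? args[2] : "cacerts.p12");
        char[] dstPass = (args.length > 3 ? args[3] : "changeit").toCharArray();

        KeyStore in = KeyStore.getInstance(src, srcPass); // Java 9+: detects the store type
        KeyStore out = KeyStore.getInstance("PKCS12");    // default provider, not BouncyCastle
        out.load(null, null);                             // start from an empty store

        int copied = 0;
        for (String alias : Collections.list(in.aliases())) {
            if (!in.isCertificateEntry(alias)) continue;  // never copy private-key entries
            Certificate c = in.getCertificate(alias);
            out.setCertificateEntry(alias, c);
            copied++;
            if (c instanceof X509Certificate) {
                X509Certificate x = (X509Certificate) c;
                boolean root = x.getSubjectX500Principal().equals(x.getIssuerX500Principal());
                System.out.printf("%s issuer=%s%s%n", alias,
                        x.getIssuerX500Principal().getName(), root ? " (self-issued)" : "");
            }
        }
        try (OutputStream os = new FileOutputStream(dst)) {
            out.store(os, dstPass);                       // integrity password for the new file
        }

        // Read the file back and confirm every trusted entry survived the round trip.
        KeyStore check = KeyStore.getInstance("PKCS12");
        try (InputStream is = new FileInputStream(dst)) {
            check.load(is, dstPass);
        }
        if (check.size() != copied) throw new IllegalStateException("entry count mismatch");
        System.out.println("Wrote " + copied + " trusted certificates to " + dst);
    }
}
```

JSSE reads the result through the `javax.net.ssl.trustStore`, `javax.net.ssl.trustStoreType` (`PKCS12`) and `javax.net.ssl.trustStorePassword` system properties; the password supplied there has to match the one used when the file was stored.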
