Wednesday, August 28, 2013

Import an existing Private Key (.key file) into a JKS store

Sounds easy, but it's not. I have an existing .key file (private key) and a .crt file (certificate for the public key), and I want to import them into a JKS.

http://stackoverflow.com/questions/906402/importing-an-existing-x509-certificate-and-private-key-in-java-keystore-to-use-i

The only way seems to be to go through an intermediate PKCS12 store, which is then imported into the JKS. So much fuss for a simple operation which should be natively supported.

http://cunning.sharp.fm/2008/06/importing_private_keys_into_a.html

In fact, the Puppet java_ks module does this:

    openssl pkcs12 -export -passout stdin -in /home/soa/jkstest/source/acme.com.crt -inkey /home/soa/jkstest/source/acme.com.key -name test4acme.com

when you ask it to import a .crt and .key into a keystore:

    java_ks { "${nesoa2env}acme.com" :
        ensure       => latest,
        certificate  => "${certsFolder}acme.com.crt",
        private_key  => "${certsFolder}acme.com.key", 
        target       => "${targetJKS}",
        password     => "${identityPassword}",
        trustcacerts => false,
    }
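
The same PKCS12-then-JKS path done by hand, as an added example (not code from the linked posts or from the Puppet module). The function name `key_to_jks` and the `KS_PASS` variable are assumptions made for illustration; the key is assumed to be unencrypted, and the password is read from the environment so it never appears in the process list.

```shell
# Added example. Usage (KS_PASS must be exported and at least 6 characters):
#   export KS_PASS=...; key_to_jks acme.com.crt acme.com.key test4acme.com identity.jks
key_to_jks() {
    crt=$1 key=$2 alias=$3 jks=$4

    [ -n "${KS_PASS:-}" ] || { echo "KS_PASS must be exported" >&2; return 2; }
    command -v openssl >/dev/null 2>&1 && command -v keytool >/dev/null 2>&1 || {
        echo "openssl and keytool are required" >&2; return 127; }

    # Refuse a private key that does not belong to the certificate:
    # both must yield the same public key.
    cert_pub=$(openssl x509 -in "$crt" -noout -pubkey) || return 1
    key_pub=$(openssl pkey -in "$key" -pubout) || return 1
    [ "$cert_pub" = "$key_pub" ] || {
        echo "private key does not match certificate" >&2; return 3; }

    # The intermediate PKCS12 file contains the private key, so it is
    # created owner-only and removed whether or not the import succeeds.
    p12=$(umask 077 && mktemp) || return 1
    rc=0

    # Step 1: bundle certificate and key into a PKCS12 store.
    # Step 2: copy that entry into the JKS (the key entry keeps the
    #         same password as the store).
    openssl pkcs12 -export -passout env:KS_PASS \
        -in "$crt" -inkey "$key" -name "$alias" -out "$p12" &&
    keytool -importkeystore -noprompt \
        -srckeystore "$p12" -srcstoretype PKCS12 -srcstorepass:env KS_PASS \
        -srcalias "$alias" \
        -destkeystore "$jks" -deststoretype JKS -deststorepass:env KS_PASS \
        </dev/null || rc=4

    rm -f "$p12"
    return "$rc"
}
```

Afterwards, `keytool -list -keystore identity.jks -storepass:env KS_PASS` should show the alias as a `PrivateKeyEntry`; a `trustedCertEntry` would mean only the certificate was imported.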
