SSL certificate management with OpenSSL and Keytool
1) Generation of a self-signed key and certificate. This produces two files: root.key and root.crt
openssl req -newkey rsa:2048 -days 3650 -x509 -nodes -out root.crt -keyout root.key
2) Generation of key and certificate signing request (CSR) for host
openssl req -newkey rsa:2048 -nodes -out ourdomain.csr -keyout ourdomain.key
3) Generate and sign the host certificate with the root key:
openssl x509 -req -in ourdomain.csr -CA root.crt -CAkey root.key -CAcreateserial -out ourdomain.crt -days 365
4) Export to p12
openssl pkcs12 -export -in ourdomain.crt -inkey ourdomain.key -name somename -CAfile root.crt -caname root -chain -out ourdomain.p12
5) Remove passphrase from key
openssl rsa -in old.key -out new.key
keytool -import -file firstCA.cert -alias firstCA -keystore myTrustStore
keytool -v -importkeystore -srckeystore alice.p12 -srcstoretype PKCS12 -destkeystore truststore.jks -deststoretype JKS
6) Download certificate from site
echo -n | openssl s_client -connect HOST:PORTNUMBER | sed -ne '/-BEGIN CERTIFICATE-/,/-END CERTIFICATE-/p' > ./1.crt
7) Change pass-phrase
openssl rsa -des3 -in server.key -out server.key.new
8) Export certificate
openssl pkcs12 -in keystore.p12 -nokeys -out cert.pem
9) Export unencrypted private key
openssl pkcs12 -in keystore.p12 -nodes -nocerts -out key.pem
10) List of keys in keystore.jks
keytool -list -v -keystore ./keystore.jks
11) Delete my_server_certificate from keystore.jks
keytool -delete -alias my_server_certificate -keystore ./keystore.jks
12) Import keystore.p12 into keystore.jks
keytool -importkeystore -destkeystore ./keystore.jks -srckeystore keystore.p12 -srcstoretype pkcs12 -alias myservercert
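Added example (not from the original post): steps 1-4 run without prompts, followed by the checks worth doing before a certificate is deployed: the host certificate chains to the root, the private key matches the certificate, and the pair exported in steps 8 and 9 is the pair that went into the .p12. The function names, the subject names, the temporary directory and the PKCS#12 password "changeit" are assumptions made for the example.

```shell
#!/bin/sh
# Added example. Subject names, the temp directory and the PKCS#12
# password "changeit" are constructed placeholders, not from the page.

# Steps 1-4 without prompts; runs in a subshell so umask and cd stay local.
make_pki() (
    umask 077   # private keys readable by the owner only
    cd "$1" || exit 1
    openssl req -newkey rsa:2048 -days 3650 -x509 -nodes \
        -subj "/CN=Example Test Root" -out root.crt -keyout root.key 2>/dev/null || exit 1
    openssl req -newkey rsa:2048 -nodes -subj "/CN=ourdomain.example" \
        -out ourdomain.csr -keyout ourdomain.key 2>/dev/null || exit 1
    openssl x509 -req -in ourdomain.csr -CA root.crt -CAkey root.key \
        -CAcreateserial -out ourdomain.crt -days 365 2>/dev/null || exit 1
    openssl pkcs12 -export -in ourdomain.crt -inkey ourdomain.key -name somename \
        -CAfile root.crt -caname root -chain -passout pass:changeit \
        -out ourdomain.p12 2>/dev/null || exit 1
)

# The host certificate must chain to the root.
chain_ok() { openssl verify -CAfile "$1/root.crt" "$1/ourdomain.crt" >/dev/null 2>&1; }

# A key and a certificate belong together only if their public keys are equal.
key_matches_cert() {
    k=$(openssl pkey -in "$1" -pubout 2>/dev/null) || return 1
    c=$(openssl x509 -in "$2" -noout -pubkey 2>/dev/null) || return 1
    [ -n "$k" ] && [ "$k" = "$c" ]
}

# Steps 8 and 9: what comes out of the .p12 must be the pair that went in.
p12_roundtrip_ok() {
    openssl pkcs12 -in "$1/ourdomain.p12" -passin pass:changeit -nokeys -clcerts \
        -out "$1/cert.pem" 2>/dev/null || return 1
    openssl pkcs12 -in "$1/ourdomain.p12" -passin pass:changeit -nodes -nocerts \
        -out "$1/key.pem" 2>/dev/null || return 1
    key_matches_cert "$1/key.pem" "$1/cert.pem" &&
        key_matches_cert "$1/ourdomain.key" "$1/cert.pem"
}

run_checks() {
    d=$(mktemp -d) || return 1
    make_pki "$d" && chain_ok "$d" &&
        key_matches_cert "$d/ourdomain.key" "$d/ourdomain.crt" && p12_roundtrip_ok "$d"
    rc=$?
    rm -rf "$d"
    return $rc
}

run_checks && echo "chain, key match and PKCS#12 round trip all verified"
```

The same key_matches_cert check catches the common mistake of pairing a certificate with the wrong key before it is packed into a keystore.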
=== Other ===
openssl rsa -des3 -in 1.pem -out 2.pem
keytool -import -file ./2.pem -alias local.key -keystore ./keystore.jks
openssl pkcs12 -export -name myservercert -in selfsigned.crt -inkey server.key -out keystore.p12
http://stackoverflow.com/questions/906402/importing-an-existing-x509-certificate-and-private-key-in-java-keystore-to-use-i