See also: Can a Java key store import a key pair generated by OpenSSL?
I am provided with the following files to authenticate against a thrift endpoint:
- cacert.pem
- local.crt
- local.key
I am having the hardest time trying to create a keystore that has the client cert in it. The endpoint application has its own CA to authenticate their client certs. I honestly am not sure what needs to be included in the keystore (assuming the client cert, and the endpoint public cert), but for the life of me cannot get it working.
Does anyone know how to import a client cert into a keystore? Or, what I need to do in order to get this working? Thanks.
The problem was with the keystore; this is how I finally got it working.
First thing to note is that it's not possible (as far as I know) to import private keys into a keystore using keytool...
Knowing that, I converted the local.crt and local.key to a .p12 file via openssl:
openssl pkcs12 -export -in local.crt -inkey local.key -out local.p12
Then used a tool from IBM (keyman): http://www.alphaworks.ibm.com/tech/keyman/download
To import the CA cert (cacert.crt) and then the .p12 file, then saved that as a keystore.
Hope this helps someone!
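The same steps done with openssl and keytool alone, as an added example that is not part of the original answer: `keytool -importkeystore` (available since Java 6) copies the PKCS#12 key entry into a JKS keystore, and the CA cert goes into a separate truststore. The function names, aliases, output file names and the `STORE_PASS` variable are assumptions, as is an unencrypted local.key.

```shell
#!/bin/sh
# Added example. Assumptions: local.key is unencrypted, the store password
# (6+ characters) is in $STORE_PASS, aliases and output names are chosen here.

# make_client_stores CRT KEY CACERT OUTDIR
make_client_stores() {
    crt=$1; key=$2; cacert=$3; out=$4
    [ -n "$STORE_PASS" ] || { echo "STORE_PASS is not set" >&2; return 1; }
    export STORE_PASS   # read via env so the password never appears in argv
    mkdir -p "$out" || return 1
    rm -f "$out/client.p12" "$out/client-keystore.jks" "$out/client-truststore.jks"

    # 1. Bundle client cert and private key (the openssl step from the answer,
    #    plus an alias and a non-interactive password).
    openssl pkcs12 -export -in "$crt" -inkey "$key" -name client \
        -out "$out/client.p12" -passout env:STORE_PASS || return 1

    # 2. Copy the key entry into a JKS keystore. Source and destination use
    #    the same password, so the key password matches the store password.
    keytool -importkeystore -noprompt \
        -srckeystore "$out/client.p12" -srcstoretype PKCS12 \
        -srcstorepass:env STORE_PASS \
        -destkeystore "$out/client-keystore.jks" -deststoretype JKS \
        -deststorepass:env STORE_PASS || return 1

    # 3. Put the endpoint's CA cert in a separate truststore: it holds only
    #    what the client trusts and no private key.
    keytool -importcert -noprompt -alias endpoint-ca -file "$cacert" \
        -keystore "$out/client-truststore.jks" -storetype JKS \
        -storepass:env STORE_PASS || return 1

    # Files containing the private key should be readable by the owner only.
    chmod 600 "$out/client.p12" "$out/client-keystore.jks"
}

# count_entries STORE TYPE: prints how many entries of TYPE the store lists
# (PrivateKeyEntry or trustedCertEntry). Needs STORE_PASS exported.
count_entries() {
    keytool -list -keystore "$1" -storepass:env STORE_PASS 2>/dev/null \
        | grep -c "$2"
}
```

With the question's files this would be called as `make_client_stores local.crt local.key cacert.pem ./stores`; the keystore should then list one PrivateKeyEntry and the truststore one trustedCertEntry.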