Java Security

importing pfx certificate WITH private key into JKS keystore?

843811 Jan 9 2003 — edited Feb 26 2004
Hi.
I am writing a SOAP client application which connects to an HTTPS server with mutual authentication (i.e. both server and client authentication). The server authentication is working OK, as I have correctly imported the web server Root CA certificate into the truststore I am using.

But, from the server I have received the client certificate to be used, as a PKCS12 certificate to be used in a .pfx file. That is, the certificate which the client will have to use to authenticate itself with the server. The certificate file also includes the private key (of course, as it will be needed when encrypting the data to be sent).
The file is working, as the

Now, how do I import it into the Java keystore?

I have read on this very forum (and tried myself without success), that keytool does not import certificates in PKCS12 format with private keys into the keystore.

Now, programmatically I have been able to read the certificate from the pfx file directly, as shown below:

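import java.io.File;
import java.io.FileInputStream;
import java.security.KeyStore;
// Legacy JSSE package, matching the com.sun.net.ssl.SSLContext used below
import com.sun.net.ssl.KeyManager;
import com.sun.net.ssl.KeyManagerFactory;

KeyStore ks2 = KeyStore.getInstance("PKCS12", "SunJSSE");
KeyManagerFactory kmf = KeyManagerFactory.getInstance("SUNX509");
ks2.load(null, null);
FileInputStream fin = new FileInputStream(new File("client_cert.pfx"));
// Certificate read from file?
ks2.load(fin, "client_password".toCharArray());
// The second argument is the password protecting the private key entry
kmf.init(ks2, "keystore_password".toCharArray());
fin.close();

com.sun.net.ssl.SSLContext ctx = com.sun.net.ssl.SSLContext.getInstance("SSLv3");
KeyManager[] km = kmf.getKeyManagers();
/*
TrustManager[] tm = tmf.getTrustManagers();
ctx.init(km, tm, null);
*/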

And it works for initiating simple URL connections and reading from them with inputstreams. I am however using the Apache Axis SOAP toolkit, and it completely ignores the above code, trying to read the client certificate from the keystore anyway, even though I have already performed an SSL handshake, and of course failing (as the certificate simply is not there).

So, if anyone knows how to import a pfx certificate WITH its private key into the default JKS keystore, I will greatly appreciate some feedback.
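
One way to do the import asked about here, as an added example that is not part of the original post: load the .pfx as a PKCS12 KeyStore and copy each private key with its certificate chain into a new JKS file. The class name PfxToJks and its command-line arguments are hypothetical; it assumes a current JDK (try-with-resources) and that the key inside the .pfx is protected by the same password as the file itself.

```java
import java.io.FileInputStream;
import java.io.FileOutputStream;
import java.security.Key;
import java.security.KeyStore;
import java.security.cert.Certificate;
import java.util.Arrays;
import java.util.Collections;

// Hypothetical helper class (not from the post): PKCS12 (.pfx) to JKS conversion.
public class PfxToJks {
    // Copies each private key with its certificate chain; returns the number of entries copied.
    static int convert(String pfxPath, char[] pfxPass, String jksPath, char[] jksPass)
            throws Exception {
        KeyStore pfx = KeyStore.getInstance("PKCS12");
        try (FileInputStream in = new FileInputStream(pfxPath)) {
            pfx.load(in, pfxPass); // a wrong password fails here with an IOException
        }
        KeyStore jks = KeyStore.getInstance("JKS");
        jks.load(null, null); // initialise an empty keystore in memory
        int copied = 0;
        for (String alias : Collections.list(pfx.aliases())) {
            if (!pfx.isKeyEntry(alias)) continue; // skip certificate-only entries
            Key key = pfx.getKey(alias, pfxPass);
            Certificate[] chain = pfx.getCertificateChain(alias);
            if (key == null || chain == null) continue; // a key entry needs its chain
            // Key password == store password: what the javax.net.ssl.keyStore* properties assume.
            jks.setKeyEntry(alias, key, jksPass, chain);
            copied++;
        }
        try (FileOutputStream out = new FileOutputStream(jksPath)) {
            jks.store(out, jksPass);
        }
        return copied;
    }
    public static void main(String[] args) throws Exception {
        if (args.length != 2 || System.console() == null) {
            System.err.println("usage (interactive terminal): java PfxToJks <in.pfx> <out.jks>");
            System.exit(2);
        }
        char[] pfxPass = System.console().readPassword("PFX password: ");
        char[] jksPass = System.console().readPassword("New JKS password: ");
        try {
            System.out.println(convert(args[0], pfxPass, args[1], jksPass) + " key entries copied");
        } finally {
            Arrays.fill(pfxPass, '\0'); // do not keep passwords in memory longer than needed
            Arrays.fill(jksPass, '\0');
        }
    }
}
```

The resulting file can be supplied to JSSE through the standard javax.net.ssl.keyStore and javax.net.ssl.keyStorePassword system properties. Restrict its file permissions, since it now holds the client's private key.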
Post Details
Locked on Mar 25 2004
Added on Jan 9 2003