Skip to Main Content

Java Security

Announcement

For appeals, questions and feedback about Oracle Forums, please email oracle-forums-moderators_us@oracle.com. Technical questions should be asked in the appropriate category. Thank you!

PKCS12 to DER

843811Jun 19 2001 — edited Aug 22 2003
Hi,

If I have a pkcs12 encoded client certificate chain, how can I convert it so that I can use the JKS keyStoreType instead of PKCS12.

If I set the following properties for my application :

javax.net.ssl.KeyStore = .../myfile.p12
javax.net.ssl.keyStoreType = PKCS12
javax.net.ssl.keyStorePassword = mypasswrd

everything runs fine(the user is authenticated).

I have tried converting myfile.p12 to DER using openssl. First, i converted the file to PEM :
openssl pkcs12 -in myfile.p12 -out myfile.pem

Then, I converted the file to DER :
openssl x509 -in myfile.pem -inform PEM -out myfile.der -outform DER

Now, if I try creating a keystore using keytool and authenticate the client, I get a Broken pipe error. I did the following to create the keystore :
keytool -import -alias myalias -file myfile.der -keystore mykeystore

After, I changed the properties to :

javax.net.ssl.KeyStore = .../mykeystore
javax.net.ssl.keyStoreType = JKS
javax.net.ssl.keyStorePassword = mykeystorepasswrd

Does anyone know what I am doing wrong ??
Can anyone help, please ??

Note :
I am not even able to use a DER encoded certificate that was converted using IE5. The pkcs12 certificate works perfectly but after converting it to DER, I cant use the certificate to authenticate the client.
Comments
Locked Post
New comments cannot be posted to this locked post.
Post Details
Locked on Sep 19 2003
Added on Jun 19 2001
2 comments
1,885 views