
I have a Java server which understands the .jks format and a client which understands .pem. I have generated the server key pair using keytool and the client key pair using openssl, but for mutual authentication how do I import the client's public key into the server's JKS and the server's public key into the client's .pem file?

Avinash

1 Answer


Most recent versions of keytool understand PEM. So in those cases one uses

keytool -importcert ...

and assuming that you've already imported the cert you've signed the client cert with (as a trustcacert) you should be good. Otherwise also import that with -trustcacerts (or if it is self-signed - add that flag to the import).

If you are on an older Java, say on RHEL, then you need to convert it to DER format first. Conversion is done with:

openssl x509 -in client.pem -out client.der -outform DER
openssl x509 -in client.pem -out client.net -outform NET

And that should be it. On the client side - one generally does not import the server cert into the client cert - but imports these separately into your application. So to answer that one would need to know what your client application is.

Dirk-Willem van Gulik
  • Could you please explain in more detail? – Avinash Jun 18 '12 at 08:31
  • Sorry - you'll have to be a lot more exact in order to allow one to add detail beyond the above. What versions/SDK, what is the client app/framework, what is the server app/framework, are you using self-signed or is there a CA involved. Perhaps start with a description of the client and the server and the commands you used to create your keys. – Dirk-Willem van Gulik Jun 18 '12 at 12:56
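
The certificate exchange described in the answer above, as an added shell example that is not part of the original answer. The file names, aliases, the separate truststore file and the `changeit` password are assumptions; only certificates are exchanged, and each side's private key stays where it was generated.

```shell
#!/bin/sh
# Added example: exchange certificates (public parts only) for mutual TLS
# between a Java server using JKS and a client using PEM files.
# File names, aliases and the password are placeholders, not from the page.

# Placeholder password. A password given on the command line is visible in the
# process list; leave out -storepass to be prompted interactively instead.
STOREPASS=${STOREPASS:-changeit}

# Print "pem" or "der" depending on how the certificate file is encoded.
cert_encoding() {
    if grep -q -- '-----BEGIN CERTIFICATE-----' "$1"; then
        echo pem
    else
        echo der
    fi
}

# Import a certificate into the server's truststore as a trusted entry.
# PEM input is converted to DER first, so this also works with older keytool
# versions that do not read PEM.
# usage: trust_cert CERT_FILE ALIAS TRUSTSTORE
trust_cert() {
    cert=$1
    if [ "$(cert_encoding "$cert")" = pem ]; then
        openssl x509 -in "$cert" -out "$cert.der" -outform DER
        cert="$cert.der"
    fi
    keytool -importcert -noprompt -alias "$2" -file "$cert" \
        -keystore "$3" -storepass "$STOREPASS"
}

# Export the server's certificate (never its private key) from the server
# keystore as PEM, so the client application can load it as a trust anchor.
# usage: export_server_cert KEYSTORE ALIAS OUT_PEM
export_server_cert() {
    keytool -exportcert -rfc -alias "$2" -keystore "$1" \
        -storepass "$STOREPASS" -file "$3"
}

# Typical use (placeholder names):
#   trust_cert client.pem client server-truststore.jks
#   export_server_cert server.jks server server.pem
# Check the result; the imported entry should be listed as trustedCertEntry:
#   keytool -list -keystore server-truststore.jks -alias client
```

If the client certificate was signed by a CA rather than self-signed, import the CA certificate with `trust_cert` instead of the client certificate itself.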