2

I want to use an Android HTTPS connection. I have an SSL certificate in .crt format, but Android needs .bks format. How can I convert this certificate format in Ubuntu?

2 Answers

1

Steps:-

  1. Convert ".crt" to ".cer - (Base 64)" via Windows OS or any other source.

  2. Download "Bouncy Castle provider" (bcprov-jdkxx-xxx.jar) from http://www.bouncycastle.org/latest_releases.html

  3. Use following cmd to convert ".cer" generated to ".bks" format :-

"pathOfJRE/bin/keytool_here" -importcert -v -trustcacerts -file ".cerFilePath_here" -alias myAlias -keystore "pathToStoreGeneratedBKSfile_here" -provider org.bouncycastle.jce.provider.BouncyCastleProvider -providerpath "downloadedBouncyCastleProviderLocation_here" -storetype BKS -storepass "bksFilePassword_here"

******Example******

"C:\Program Files (x86)\Java\jre1.8.0_91\bin\keytool" -importcert -v -trustcacerts -file "C:\Users\chetan\Desktop\Pravin-123/abc_prod.cer" -alias myAlias -keystore "C:\Users\chetan\Desktop\Pravin-123/abc_tbu__prod.bks" -provider org.bouncycastle.jce.provider.BouncyCastleProvider -providerpath "C:\Users\chetan\Desktop\Pravin-123\bcprov-jdk15on-155.jar" -storetype BKS -storepass "abc!Tbu@app123"


  4. Verify the .bks file generated, cmd :-

"pathOfJRE/bin/keytool_here" -list -keystore "pathOfGeneratedBKSfile_here" -provider org.bouncycastle.jce.provider.BouncyCastleProvider -providerpath "downloadedBouncyCastleProviderLocation_here" -storetype BKS -storepass "bksFilePassword_here"

******Example******

"C:\Program Files (x86)\Java\jre1.8.0_91\bin\keytool" -list -keystore "C:\Users\chetan\Desktop\Pravin-123/abc_tbu__prod.bks" -provider org.bouncycastle.jce.provider.BouncyCastleProvider -providerpath "C:\Users\chetan\Desktop\Pravin-123\bcprov-jdk15on-155.jar" -storetype BKS -storepass "abc!Tbu@app123"


  5. Use this .bks file in Android. Place it in the raw folder and give its path to the secure HttpURLConnection.

-Ref: http://transoceanic.blogspot.in/2011/11/android-import-ssl-certificate-and-use.html

https://github.com/ikust/hello-pinnedcerts

pravingaikwad07
  • 482
  • 1
  • 7
  • 24
0

To generate the .bks file, you need:

  • openssl
  • sed
  • keytool (comes with JAVA)
  • Bouncy Castle Jar - Link to File

Now perform the following steps:

Obtain server's public self-signed certificate:

echo | openssl s_client -connect [SERVER_URL]:443 2>&1 | \
  sed -ne "/-BEGIN CERTIFICATE-/,/-END CERTIFICATE-/p" > [Certificate_file_name].pem

Generate .bks file using a pass phrase

keytool -importcert -v -trustcacerts -file "[Certificate_file_name].pem" \
  -alias [Alias_name] -keystore "[BKS_file_name].bks" \
  -provider org.bouncycastle.jce.provider.BouncyCastleProvider \
  -providerpath "[DOWNLOADED_JAR_FILE_PATH]" -storetype BKS -storepass [Pass_phrase]

Confirm that the file is created

keytool -list -keystore "[BKS_file_name].bks" \
  -provider org.bouncycastle.jce.provider.BouncyCastleProvider \
  -providerpath "[DOWNLOADED_JAR_FILE_PATH]" -storetype BKS -storepass [Pass_phrase]
Prerak Sola
  • 9,517
  • 7
  • 36
  • 67
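
The keytool import and verification steps from both answers, combined into one script for Ubuntu; this is an added example, not code from either answer. It passes the store password through the environment with keytool's `-storepass:env` instead of the command line, and checks the certificate's SHA-256 fingerprint before and after the import. Assumptions: `openssl` and `keytool` are installed, and the names `BC_JAR`, `BKS_PASS`, `ALIAS`, `is_pem`, `norm_fp` and `crt_to_bks` are hypothetical.

```shell
#!/bin/sh
# Added example, not from either answer. Assumed names: BC_JAR (path to the
# bcprov jar), BKS_PASS (exported store password), ALIAS (optional).
BC=org.bouncycastle.jce.provider.BouncyCastleProvider

# True if the file is PEM (Base64 text) rather than binary DER.
is_pem() { grep -q -e '-----BEGIN CERTIFICATE-----' "$1"; }

# Reduce "sha256 Fingerprint=AA:BB:.." or bare hex to uppercase hex, no colons.
norm_fp() { sed 's/^.*=//' | tr -d ':\n' | tr 'a-f' 'A-F'; }

# usage: crt_to_bks in.crt out.bks [expected-sha256-fingerprint]
crt_to_bks() {
  crt=$1; bks=$2; want=${3:-}; entry=${ALIAS:-server}
  pem=$(mktemp) || return 1
  # A .crt may be PEM or DER; normalise to PEM so the fingerprint is taken
  # from exactly the file that gets imported.
  if is_pem "$crt"; then openssl x509 -in "$crt" -out "$pem"
  else openssl x509 -inform DER -in "$crt" -out "$pem"; fi || return 1
  got=$(openssl x509 -in "$pem" -noout -fingerprint -sha256 | norm_fp)
  # Refuse to build a trust store from a certificate that is not the expected one.
  if [ -n "$want" ] && [ "$got" != "$(printf '%s' "$want" | norm_fp)" ]; then
    echo "fingerprint mismatch, got $got" >&2; rm -f "$pem"; return 1
  fi
  keytool -importcert -noprompt -trustcacerts -file "$pem" -alias "$entry" \
    -keystore "$bks" -storetype BKS -provider "$BC" -providerpath "$BC_JAR" \
    -storepass:env BKS_PASS || { rm -f "$pem"; return 1; }
  rm -f "$pem"
  # Export the entry back out of the store and confirm it is the same certificate.
  back=$(keytool -exportcert -rfc -alias "$entry" -keystore "$bks" \
    -storetype BKS -provider "$BC" -providerpath "$BC_JAR" \
    -storepass:env BKS_PASS | openssl x509 -noout -fingerprint -sha256 | norm_fp)
  [ "$back" = "$got" ] && echo "OK $bks sha256=$got"
}

# Convert only when arguments are given, so the file can also be sourced.
[ "$#" -eq 0 ] || crt_to_bks "$@"
```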