Wednesday, 8 February 2023

Import a self-signed certificate to java keystore

This post is divided into three sections.

a.   Generate a self-signed certificate

b.   Import the certificate to keystore

c.    Export the public and private keys from the keystore

 

Generate a self-signed certificate

Go to this post, and create a .der file

 

Import the certificate to keystore

 Open terminal and execute below command.

 

keytool -import -alias java-blogspot -keystore myKeystore.jks -file myDomain.der

$keytool -import -alias java-blogspot -keystore myKeystore.jks -file myDomain.der
Enter keystore password:  
Re-enter new password: 
Owner: EMAILADDRESS=demo@demo.com, CN=sample-app.com, OU=hr, O=abcCorp, L=Bangalore, ST=Karnataka, C=IN
Issuer: EMAILADDRESS=demo@demo.com, CN=sample-app.com, OU=hr, O=abcCorp, L=Bangalore, ST=Karnataka, C=IN
Serial number: fef9fa87f9f94435
Valid from: Wed Feb 08 10:26:36 IST 2023 until: Thu Feb 08 10:26:36 IST 2024
Certificate fingerprints:
     SHA1: 7C:86:63:8B:3B:92:5B:EA:57:DC:B8:F0:FE:40:57:D7:EF:32:13:D6
     SHA256: E1:C6:0A:BD:34:83:C8:86:3E:65:A4:01:F0:CB:EB:C7:73:EB:F6:19:77:EE:CE:EF:62:44:63:37:73:64:2E:37
Signature algorithm name: SHA1withRSA (weak)
Subject Public Key Algorithm: 2048-bit RSA key
Version: 1

Warning:
The input uses the SHA1withRSA signature algorithm which is considered a security risk. This algorithm will be disabled in a future update.

Trust this certificate? [no]:  y
Certificate was added to keystore

 

Print the entries in keystore.

keytool -list -keystore myKeystore.jks
Enter keystore password:  
Keystore type: PKCS12
Keystore provider: SUN

Your keystore contains 1 entry

java-blogspot, 8 Feb 2023, trustedCertEntry, 
Certificate fingerprint (SHA-256): E1:C6:0A:BD:34:83:C8:86:3E:65:A4:01:F0:CB:EB:C7:73:EB:F6:19:77:EE:CE:EF:62:44:63:37:73:64:2E:37

Export public key for the alias java-blogspot

keytool -export -alias java-blogspot -keystore myKeystore.jks -rfc -file public.cert

$keytool -export -alias java-blogspot -keystore myKeystore.jks -rfc -file public.cert
Enter keystore password:  
Certificate stored in file <public.cert>
$
$
$cat public.cert 
-----BEGIN CERTIFICATE-----
MIIDlDCCAnwCCQD++fqH+flENTANBgkqhkiG9w0BAQUFADCBizELMAkGA1UEBhMC
SU4xEjAQBgNVBAgMCUthcm5hdGFrYTESMBAGA1UEBwwJQmFuZ2Fsb3JlMRAwDgYD
VQQKDAdhYmNDb3JwMQswCQYDVQQLDAJocjEXMBUGA1UEAwwOc2FtcGxlLWFwcC5j
b20xHDAaBgkqhkiG9w0BCQEWDWRlbW9AZGVtby5jb20wHhcNMjMwMjA4MDQ1NjM2
WhcNMjQwMjA4MDQ1NjM2WjCBizELMAkGA1UEBhMCSU4xEjAQBgNVBAgMCUthcm5h
dGFrYTESMBAGA1UEBwwJQmFuZ2Fsb3JlMRAwDgYDVQQKDAdhYmNDb3JwMQswCQYD
VQQLDAJocjEXMBUGA1UEAwwOc2FtcGxlLWFwcC5jb20xHDAaBgkqhkiG9w0BCQEW
DWRlbW9AZGVtby5jb20wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC+
DD14AR8oC1z8Jj2EUt7NNTTHVay8V84AeQxjqf5SULDNo428T8h3NaQNwOfpvVlP
zPbln5yit/SCSc5ZHXb2ijdedxcDeBgQn9jjXtoGZAzzjj0s36gMVw8hWJRLnNus
C0vfp7URCc4qvGWD3erktm4hh8IXDgggpOrHNXAdG1NtfUsq7u4Ys6ZUfVWJ0Qd4
PPKZDpGwpfFm07m5PxEJ7DaIMXwJaztdV/ub+DY+R5qzYltMSfNoGcjdL+zWouCh
65rNJC+iYZuh9cp/rb+N16Ln+H8mdt5Z9H/sX/00IftvCtGNyxCK42t+iF0DKiFT
4txB84NA/HvkNtRCtJptAgMBAAEwDQYJKoZIhvcNAQEFBQADggEBAA7zpvhg6gxm
ieEFwqOSpdoUtj1b/UrmOq7Viol/PFZrSH4EWQHmIOZGTl+QQfwviZBjgJCzizRK
G+4CQBvpKTZOA1C6hYdxkhkVfdZ2fAAJahz+FuexzQR7FOxPf75Rixiosc87/m91
OVpu/KsJtUiS44cEwGfgz7LUsh6vUYHQnIIGCu2l0byuUBU64KnX1vpuDKwmQ2II
nzbANQ0CFINctgczk63FaadyPbUzUeuxy3fqxMgeIB92QqW536yGRVAOGqZ0aRgL
ouYm43egLnQMnQacHNXxVwfc/lQfoGRx1t9t46+Hu4KaINqnPYgo/my5XOAJZ+98
d+FHjYT0bYE=
-----END CERTIFICATE-----

Note

Just to note, only public key is embedded in the SSL certificate and Private key is stored on the server and kept secret.

 

Previous                                                 Next                                                 Home
Posted by at
Labels: , , ,

No comments:

Post a Comment

Subscribe to: Post Comments (Atom)