Wednesday, 8 February 2023

Import a self-signed certificate into a Java keystore

This post is divided into three sections.

a.   Generate a self-signed certificate

b.   Import the certificate to keystore

c.    Export the public and private keys from the keystore

 

Generate a self-signed certificate

Go to this post, and create a .der file

 

Import the certificate to keystore

Open a terminal and execute the command below.

 

keytool -import -alias java-blogspot -keystore myKeystore.jks -file myDomain.der

$keytool -import -alias java-blogspot -keystore myKeystore.jks -file myDomain.der
Enter keystore password:  
Re-enter new password: 
Owner: EMAILADDRESS=demo@demo.com, CN=sample-app.com, OU=hr, O=abcCorp, L=Bangalore, ST=Karnataka, C=IN
Issuer: EMAILADDRESS=demo@demo.com, CN=sample-app.com, OU=hr, O=abcCorp, L=Bangalore, ST=Karnataka, C=IN
Serial number: fef9fa87f9f94435
Valid from: Wed Feb 08 10:26:36 IST 2023 until: Thu Feb 08 10:26:36 IST 2024
Certificate fingerprints:
     SHA1: 7C:86:63:8B:3B:92:5B:EA:57:DC:B8:F0:FE:40:57:D7:EF:32:13:D6
     SHA256: E1:C6:0A:BD:34:83:C8:86:3E:65:A4:01:F0:CB:EB:C7:73:EB:F6:19:77:EE:CE:EF:62:44:63:37:73:64:2E:37
Signature algorithm name: SHA1withRSA (weak)
Subject Public Key Algorithm: 2048-bit RSA key
Version: 1

Warning:
The input uses the SHA1withRSA signature algorithm which is considered a security risk. This algorithm will be disabled in a future update.

Trust this certificate? [no]:  y
Certificate was added to keystore

 

Print the entries in the keystore.

keytool -list -keystore myKeystore.jks
Enter keystore password:  
Keystore type: PKCS12
Keystore provider: SUN

Your keystore contains 1 entry

java-blogspot, 8 Feb 2023, trustedCertEntry, 
Certificate fingerprint (SHA-256): E1:C6:0A:BD:34:83:C8:86:3E:65:A4:01:F0:CB:EB:C7:73:EB:F6:19:77:EE:CE:EF:62:44:63:37:73:64:2E:37

Export the certificate (which carries the public key) for the alias java-blogspot

keytool -export -alias java-blogspot -keystore myKeystore.jks -rfc -file public.cert

$keytool -export -alias java-blogspot -keystore myKeystore.jks -rfc -file public.cert
Enter keystore password:  
Certificate stored in file <public.cert>
$
$
$cat public.cert 
-----BEGIN CERTIFICATE-----
[certificate body omitted]
-----END CERTIFICATE-----

Note

Only the public key is embedded in the SSL certificate. The private key is stored on the server and kept secret.
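The import above trusts the certificate on a typed `y`, and the listing shows a trustedCertEntry with a SHA-256 fingerprint. The following added example (not code from the original post) re-checks such an entry from Java: it reports the entry type, compares the fingerprint with a value obtained out-of-band, and flags a weak signature hash. The class name `KeystoreAudit` and its argument order are assumptions made for this example, and it requires Java 9 or later.

```java
import java.io.File;
import java.security.KeyStore;
import java.security.MessageDigest;
import java.security.cert.Certificate;
import java.security.cert.X509Certificate;

public class KeystoreAudit {
    // SHA-256 over the DER encoding, formatted the way keytool prints it (AA:BB:...).
    static String fingerprint(Certificate cert) throws Exception {
        byte[] digest = MessageDigest.getInstance("SHA-256").digest(cert.getEncoded());
        StringBuilder sb = new StringBuilder();
        for (byte b : digest) {
            if (sb.length() > 0) sb.append(':');
            sb.append(String.format("%02X", b));
        }
        return sb.toString();
    }

    public static void main(String[] args) throws Exception {
        if (args.length != 3) {
            System.err.println("usage: KeystoreAudit <keystore> <alias> <expected-sha256>");
            System.exit(2);
        }
        if (System.console() == null) throw new IllegalStateException("needs an interactive terminal");
        char[] password = System.console().readPassword("Enter keystore password: ");
        // Java 9+: detects the real store type (the .jks file above is reported as PKCS12).
        KeyStore ks = KeyStore.getInstance(new File(args[0]), password);
        Certificate cert = ks.getCertificate(args[1]);
        if (cert == null) throw new IllegalArgumentException("no certificate under alias " + args[1]);
        // A trustedCertEntry holds only a certificate; a key entry also holds key material.
        System.out.println(args[1] + ": " + (ks.isKeyEntry(args[1]) ? "key entry" : "trustedCertEntry"));
        String fp = fingerprint(cert);
        System.out.println("SHA-256: " + fp);
        boolean ok = fp.equalsIgnoreCase(args[2]);
        if (!ok) System.out.println("MISMATCH: does not equal the expected fingerprint");
        if (cert instanceof X509Certificate) {
            String alg = ((X509Certificate) cert).getSigAlgName();
            System.out.println("Signature algorithm: " + alg);
            if (alg.toUpperCase().matches("(SHA1|MD5|MD2).*")) {
                System.out.println("WEAK: signature uses a deprecated hash");
                ok = false;
            }
        }
        System.exit(ok ? 0 : 1);
    }
}
```

The exit status is non-zero on a fingerprint mismatch or a weak signature hash, so the check can gate a deployment script.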

 
