The Tomcat SSL Connector in the conf/server.xml file seems to want to use a java keystore file.
That keystore file is usually created with the $JAVA_HOME/jre/bin/keytool program. Unfortunately, I was given a key file by my sysadmin, and keytool requires that the PEM file containing the key is X.509 encoded.
The openssl program will happily take care of encoding the PEM file containing the actual certificate:
-----BEGIN CERTIFICATE-----
...asdfghjkl=...
-----END CERTIFICATE-----
Unfortunately, it doesn't seem to work for the actual key file:
-----BEGIN RSA PRIVATE KEY-----
...asdfghjkl...
-----END RSA PRIVATE KEY-----
So, I asked Mike if he happened to know anything about SSL and Java keystores. He gave me this script (slightly modified from the original):
http://pastebin.com/f73d69466
His script basically automates the process of getting a personal certificate, or rather, converting between an SSL chain certificate PEM file and a Java keystore file.
It does this by first using openssl to create a PKCS12-encoded version of the PEM file piped in through stdin, and then using PKCS12Import to store the PKCS12 entry in the Java keystore. Very nice.
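Mike's script itself is not reproduced here; the following is an added example (not the pastebin script, and not Tomcat's or OpenSSL's own code) that walks the same two steps with stock tools: openssl pkcs12 builds the PKCS12 file from the certificate and key, and keytool -importkeystore (available since JDK 6) stands in for PKCS12Import to load it into a JKS keystore. The file names, the alias tomcat and the passwords passed by callers are assumptions.

```shell
#!/bin/sh
# Added example, not Mike's pastebin script: PEM certificate + RSA key -> PKCS12 -> JKS.
# keytool -importkeystore (JDK 6+) replaces the PKCS12Import tool named in the post.
# File names, the alias "tomcat" and the passwords supplied by callers are assumptions.
set -e

# Step 1: certificate + private key (+ optional chain file) -> PKCS12.
# The export password also protects the key; Tomcat reads both via keystorePass.
pem_to_pkcs12() {
    cert="$1"; key="$2"; out="$3"; pass="$4"; chain="${5:-}"
    if [ -n "$chain" ]; then
        openssl pkcs12 -export -in "$cert" -inkey "$key" -certfile "$chain" \
            -name tomcat -out "$out" -passout "pass:$pass"
    else
        openssl pkcs12 -export -in "$cert" -inkey "$key" \
            -name tomcat -out "$out" -passout "pass:$pass"
    fi
    chmod 600 "$out"   # the .p12 now carries the private key: owner-only access
}

# Step 2: PKCS12 -> JKS, the keystore type the server.xml connector was asking for.
pkcs12_to_jks() {
    p12="$1"; jks="$2"; pass="$3"
    keytool -importkeystore -noprompt \
        -srckeystore "$p12" -srcstoretype PKCS12 -srcstorepass "$pass" \
        -destkeystore "$jks" -deststoretype JKS -deststorepass "$pass"
}

# Check: the PKCS12 opens with the given password and holds exactly one private key.
# Returns 0 on success, non-zero otherwise (a wrong password yields no key at all).
pkcs12_has_key() {
    openssl pkcs12 -in "$1" -passin "pass:$2" -nocerts -nodes 2>/dev/null \
        | grep -c 'BEGIN .*PRIVATE KEY' | grep -qx 1
}
```

Tomcat can also point its connector straight at the .p12 file with keystoreType="PKCS12", which makes the second step optional. The password is passed on the command line for brevity; openssl's -passout file: and env: forms keep it out of the process list.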
Further reading:
Extracting private key from Java
Some Java source code for the com.sun.xml.wss package at dev.java.net
In summary, Mike is cool. Thanks, Mike.