
how to add .crt file to keystore and trust store

Tags:

java

ssl

I have a .crt file and I want to import it into a keystore and truststore using Java (first create the keystore and truststore, then import).

Below is the code that I am using:

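import java.io.BufferedReader;
import java.io.IOException;
import java.io.InputStreamReader;
import java.net.URI;
import java.util.concurrent.CountDownLatch;
import java.util.logging.Logger;

import javax.websocket.ClientEndpoint;
import javax.websocket.CloseReason;
import javax.websocket.OnClose;
import javax.websocket.OnMessage;
import javax.websocket.OnOpen;
import javax.websocket.Session;

import org.glassfish.tyrus.client.ClientManager;
import org.glassfish.tyrus.client.ClientProperties;
import org.glassfish.tyrus.client.SslContextConfigurator;
import org.glassfish.tyrus.client.SslEngineConfigurator;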

@ClientEndpoint
public class test {

    private static CountDownLatch latch;

    private Logger logger = Logger.getLogger(this.getClass().getName());

    @OnOpen
    public void onOpen(Session session) {
        logger.info("Connected ... " + session.getId());
        try {
            session.getBasicRemote().sendText("start");
        } catch (IOException e) {
            throw new RuntimeException(e);
        }
    }

    @OnMessage
    public String onMessage(String message, Session session) {
        BufferedReader bufferRead = new BufferedReader(new InputStreamReader(System.in));
        try {
            logger.info("Received ...." + message);
            String userInput = bufferRead.readLine();
            return userInput;
        } catch (IOException e) {
            throw new RuntimeException(e);
        }
    }

    @OnClose
    public void onClose(Session session, CloseReason closeReason) {
        logger.info(String.format("Session %s close because of %s", session.getId(), closeReason));
        // Release main(), which is blocked in latch.await().
        latch.countDown();
    }

    public static void main(String[] args) {
        latch = new CountDownLatch(1);
        ClientManager client = ClientManager.createClient();

        try {
            client.connectToServer(test.class, new URI("wss://x.x.x.x:8085"));
            latch.await();

        } catch (Exception e) {
            throw new RuntimeException(e);
        }
    }

}

I am using the Tyrus WebSocket client, so I need to add the following properties:

    final ClientManager client = ClientManager.createClient();
    System.getProperties().put("javax.net.debug", "all");
    System.getProperties().put(SSLContextConfigurator.KEY_STORE_FILE, "...");
    System.getProperties().put(SSLContextConfigurator.TRUST_STORE_FILE, "...");
    System.getProperties().put(SSLContextConfigurator.KEY_STORE_PASSWORD, "...");
    System.getProperties().put(SSLContextConfigurator.TRUST_STORE_PASSWORD, "...");
    final SSLContextConfigurator defaultConfig = new SSLContextConfigurator();

    defaultConfig.retrieve(System.getProperties());
        // or setup SSLContextConfigurator using its API.

    SSLEngineConfigurator sslEngineConfigurator =
        new SSLEngineConfigurator(defaultConfig, true, false, false);
    client.getProperties().put(ClientProperties.SSL_ENGINE_CONFIGURATOR,
        sslEngineConfigurator);
    client.connectToServer(... , ClientEndpointConfig.Builder.create().build(),
        new URI("wss://localhost:8181/sample-echo/echo"));

So, how can I create a keystore and truststore and import the .crt into them?

ashok asked Aug 11 '19 19:08


1 Answer

I solved the above problem by directly importing the .crt file into the Java keystore:

For importing into the Java keystore

keytool -trustcacerts -keystore "/jdk/jre/lib/security/cacerts" -storepass changeit -importcert -alias testalias -file "/opt/ssl/test.crt"

By using the above command, the server certificate will be validated and the connection will be achieved. But if you want to create a new keystore and import the .crt into it, use the command below; it will create a keystore of type .jks.

For creating a keystore and importing the .crt

keytool -import -alias testalias -file test.crt -keypass keypass -keystore test.jks -storepass test@123

Here:

keystore password : test@123
keypass : keypass

As some code will validate, and if you are using wss/https, it will ask for keystore/truststore configuration; then you can use the above configuration mentioned in step 2 (creating a keystore and importing the .crt). Otherwise step 1 (importing into the Java keystore) is enough.

ashok answered Nov 12 '22 10:11
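
For the "using Java" part of the question, the same import can be done in code with the JDK's `KeyStore` API instead of keytool. This is an added example, not part of the original answer; the class name `ImportCrt` and the `TRUSTSTORE_PASS` environment variable are assumptions, while the certificate path, alias and store file name are taken from the answer's commands. It prints the certificate's SHA-256 fingerprint so it can be compared out of band before the store is used.

```java
import java.io.FileInputStream;
import java.io.FileOutputStream;
import java.io.InputStream;
import java.io.OutputStream;
import java.security.KeyStore;
import java.security.MessageDigest;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;

public class ImportCrt {
    public static void main(String[] args) throws Exception {
        String crtPath = "/opt/ssl/test.crt"; // certificate path from the answer
        String storePath = "test.jks";        // store file name from the answer
        // Assumption: the password comes from a hypothetical environment
        // variable so it is not hard-coded or left in shell history.
        String pass = System.getenv("TRUSTSTORE_PASS");
        if (pass == null || pass.isEmpty()) {
            throw new IllegalStateException("Set TRUSTSTORE_PASS first");
        }
        char[] storePass = pass.toCharArray();

        // The X.509 factory reads both PEM and DER encoded .crt files.
        X509Certificate cert;
        try (InputStream in = new FileInputStream(crtPath)) {
            cert = (X509Certificate) CertificateFactory.getInstance("X.509")
                    .generateCertificate(in);
        }
        cert.checkValidity(); // throws if expired or not yet valid

        // Show what is about to be trusted.
        byte[] digest = MessageDigest.getInstance("SHA-256").digest(cert.getEncoded());
        StringBuilder fp = new StringBuilder();
        for (byte b : digest) {
            fp.append(String.format("%02X:", b));
        }
        System.out.println("Subject: " + cert.getSubjectX500Principal());
        System.out.println("SHA-256: " + fp.substring(0, fp.length() - 1));

        // load(null, ...) creates an empty store; the certificate is added
        // as a trusted-certificate entry (no private key involved).
        KeyStore ks = KeyStore.getInstance("JKS");
        ks.load(null, storePass);
        ks.setCertificateEntry("testalias", cert);
        try (OutputStream out = new FileOutputStream(storePath)) {
            ks.store(out, storePass);
        }
        System.out.println("Wrote " + storePath);
    }
}
```

The resulting file is what the trust store file property in the question would point at; a separate store is used only for this client instead of changing the JVM-wide `cacerts`.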