
Import p7b file to Java Keystore using keytool

Tags:

java

keytool

I'm trying to import a p7b file from a third party into a Java trust store. It looks like the p7b contains a root cert and a public key.

I'm trying to import it using a command similar to

keytool -importcert -file certs.p7b -keystore dave.jks -storetype JCEKS -trustcacerts

When the file was presented to me by the third party, they did not tell me what the alias of the public key is.

Am I right in thinking that I can't import it without knowing this information?

DaveH asked Jan 30 '19 16:01




1 Answer

It is a quite old question. But I just faced the same problem, so I will post what I did.

We had a .p7b file from a public agency holding a certificate chain that had to be accepted in our system. As it had a certificate chain, it could not be imported directly to a p12 file, so, first, with openssl I inspected it:

 openssl pkcs7 -print_certs -inform der -in file.p7b

This command gives a list of aliases and base64-encoded certificates:

subject=LONG CERTIFICATE1 COMMONNAME WITH ESCAPE SEQUENCES
issuer=LONG CERTIFICATE1'S ISSUER COMMONNAME
-----BEGIN CERTIFICATE-----
long base64 string
-----END CERTIFICATE-----

subject=LONG CERTIFICATE2 COMMONNAME WITH ESCAPE SEQUENCES
issuer=LONG CERTIFICATE2'S ISSUER COMMONNAME
-----BEGIN CERTIFICATE-----
long base64 string
-----END CERTIFICATE-----

This list was quite long, as the .p7b file held several certificates.

The next step was to copy all fragments between -----BEGIN CERTIFICATE----- and -----END CERTIFICATE----- and store them in different files with a .pem extension:

certificate1.pem
certificate2.pem
...

And then import them to the keystore, using the long commonname as alias:

keytool -alias "LONG CERTIFICATE1 COMMONNAME WITH ESCAPE SEQUENCES" -importcert -trustcacerts -file certificate1.pem -keystore trustcerts.p12 -storetype PKCS12
keytool -alias "LONG CERTIFICATE2 COMMONNAME WITH ESCAPE SEQUENCES" -importcert -trustcacerts -file certificate2.pem -keystore trustcerts.p12 -storetype PKCS12

After this, we had a pkcs12 keystore with all the .p7b certificates.

Oscar Pérez answered Oct 07 '22 22:10
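The split-and-import steps from the answer above, scripted as an added example (not part of the original answer). The function names `split_pem_bundle` and `import_bundle` are hypothetical, and it assumes `openssl` and `keytool` are on the PATH and that the .p7b is DER-encoded as in the answer's command. It also prints each certificate's SHA-256 fingerprint so it can be compared with the issuer's value before the certificate is trusted.

```shell
#!/bin/sh
# Added example. Function names are hypothetical; assumes openssl and keytool on PATH.

# Read `openssl pkcs7 -print_certs` output on stdin; write each certificate to
# DIR/certificateN.pem and its subject line (used as alias) to DIR/certificateN.alias.
# Prints the number of certificates found.
split_pem_bundle() {
    awk -v dir="$1" '
        /^subject=/ { subject = substr($0, 9) }
        /^-----BEGIN CERTIFICATE-----$/ {
            n++
            pem = dir "/certificate" n ".pem"
            aliasfile = dir "/certificate" n ".alias"
            # Fall back to a positional alias if no subject line preceded the block
            alias = (subject != "") ? subject : "certificate" n
            print alias > aliasfile
            close(aliasfile)
            inside = 1
        }
        inside { print > pem }
        /^-----END CERTIFICATE-----$/ { inside = 0; close(pem); subject = "" }
        END { print n + 0 }
    '
}

# import_bundle FILE.p7b KEYSTORE.p12: split the chain, then import each certificate.
import_bundle() {
    workdir=$(mktemp -d) || return 1
    count=$(openssl pkcs7 -print_certs -inform der -in "$1" | split_pem_bundle "$workdir")
    if [ "${count:-0}" -eq 0 ]; then
        echo "no certificates found in $1" >&2; rm -rf "$workdir"; return 1
    fi
    i=1
    while [ "$i" -le "$count" ]; do
        pem="$workdir/certificate$i.pem"
        # Fingerprint to compare with the value the issuer publishes out of band
        openssl x509 -in "$pem" -noout -subject -fingerprint -sha256
        # keytool stays interactive (no -noprompt), so it can ask before trusting
        keytool -alias "$(cat "$workdir/certificate$i.alias")" -importcert -trustcacerts \
            -file "$pem" -keystore "$2" -storetype PKCS12 || break
        i=$((i + 1))
    done
    rm -rf "$workdir"
}

if [ "$#" -eq 2 ]; then
    import_bundle "$1" "$2"
else
    echo "usage: $0 file.p7b trustcerts.p12" >&2
fi
```
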