Skip to content

Instantly share code, notes, and snippets.

What would you like to do?
Load a x509 cert + rsa key and x509 ca and create an sslcontext in java using jruby. This took me a few hours to figure out since I wasn't super familiar with java, but here you go! Btw, you'll notice I'm using bouncycastle which is fine because it's a dependency of jruby-openssl. So as long as you require "openssl" this should work out of the box.
require "openssl"
def create_ssl_context(options)
# Create our certs and key converters to go from bouncycastle to java.
cert_converter =
key_converter =
# Load the certs and keys.
tls_ca_cert = cert_converter.getCertificate(read_pem_object_from_file(options[:tls_ca_cert]))
tls_client_cert = cert_converter.getCertificate(read_pem_object_from_file(options[:tls_client_cert]))
tls_client_key = key_converter.getKeyPair(read_pem_object_from_file(options[:tls_client_key]))
# Setup the CA cert.
ca_key_store =
ca_key_store.load(nil, nil)
ca_key_store.setCertificateEntry("ca-certificate", tls_ca_cert)
trust_manager =
# Setup the cert / key pair.
client_key_store =
client_key_store.load(nil, nil)
client_key_store.setCertificateEntry("certificate", tls_client_cert)
certificate_java_array = [tls_client_cert].to_java(
empty_password = [].to_java(:char)
client_key_store.setKeyEntry("private-key", tls_client_key.getPrivate, empty_password, certificate_java_array)
key_manager =
key_manager.init(client_key_store, empty_password)
# Create ssl context.
context ="TLSv1.2")
context.init(key_manager.getKeyManagers, trust_manager.getTrustManagers, nil)
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
You can’t perform that action at this time.