THE UNSPOKEN ONE WROTE A TUTORIAL ON PEM AND JKS
<html xml:lang="en-us" lang="en-us"><head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
<meta name="copyright" content="(C) Copyright 2005">
<meta name="DC.rights.owner" content="(C) Copyright 2005">
<meta name="DC.Type" content="task">
<meta name="DC.Title" content="Converting PEM-format keys to JKS format">
<meta name="abstract" content="This topic describes how to convert PEM-format certificates to the standard Java KeyStore (JKS) format.">
<meta name="description" content="This topic describes how to convert PEM-format certificates to the standard Java KeyStore (JKS) format.">
<meta name="DC.Audience.Experiencelevel" content="general">
<meta name="DC.Audience.Job" content="administering">
<meta name="DC.Audience.Type" content="administrator">
<meta name="prodname" content="Oracle Endeca Server">
<meta name="version" content="7.4.0">
<meta name="release" content="2012-09">
<meta name="component" content="Endeca Server">
<meta name="platform" content="All">
<meta name="DC.Format" content="XHTML">
<meta name="DC.Identifier" content="task_8783C7B43E754FC4808F551C6AE5108F">
<meta name="DC.Language" content="en-us">
<link rel="stylesheet" type="text/css" href="../commonltr.css">
<link rel="stylesheet" type="text/css" href="../webhelp_custom.css">
<title>Converting PEM-format keys to JKS format</title>
</head>
<body id="task_8783C7B43E754FC4808F551C6AE5108F">
<h1 class="title topictitle1">Converting PEM-format keys to JKS format</h1>
<div class="body taskbody"><p class="shortdesc">This topic describes how to convert PEM-format certificates to the
standard Java KeyStore (JKS) format.
</p>
<div class="section prereq p" id="task_8783C7B43E754FC4808F551C6AE5108F__prereq_F841BB97B3EB4B7E8B252C3C21B9B604">
<p class="p">The Java KeyStores can be used for communication between
components that are configured for SSL (for example, between Studio and the
Oracle Endeca Server, if both are
SSL-enabled).
</p>
<div class="p">Two utilities (located in Endeca Server directories) are referenced in
the instructions below:
<ul class="ul" id="task_8783C7B43E754FC4808F551C6AE5108F__ul_273C847F96DB430BA1F70C2F86A6D412">
<li class="li" id="task_8783C7B43E754FC4808F551C6AE5108F__li_0702D88A367B44079B1572DADD9E6D0A"><span class="ph filepath">openssl</span> (located
in the
<span class="ph filepath">endeca-server/dgraph/bin</span> directory).
</li>
<li class="li" id="task_8783C7B43E754FC4808F551C6AE5108F__li_9EE7039943BA4F89AD42EB63AA0779BE"><span class="ph filepath">keytool</span> (located
in the
<span class="ph filepath">shared/jre/bin</span> directory).
</li>
</ul>
</div>
</div>
<div class="section context" id="task_8783C7B43E754FC4808F551C6AE5108F__context_1C97AC3B7F1840169312AEF505AAA172">
<div class="p">This procedure assumes the following:
<ul class="ul" id="task_8783C7B43E754FC4808F551C6AE5108F__ul_7E54D2CEEFA54663A55C34E22B79D699">
<li class="li" id="task_8783C7B43E754FC4808F551C6AE5108F__li_603FDA1C8C2F438BB298A411F144CDA0">You have set your path
environment variable to add the Dgraph
<span class="ph filepath">utilities</span> directory and the Dgraph binaries to
the search path, to allow you to run the
<span class="ph filepath">openssl</span> utility from the directory of your
choice.
</li>
<li class="li" id="task_8783C7B43E754FC4808F551C6AE5108F__li_646CE3D4E1384617BE736AC313BB3D69">Your path will allow you
to use the
<span class="ph filepath">keytool</span> utility from the directory of your
choice.
</li>
<li class="li" id="task_8783C7B43E754FC4808F551C6AE5108F__li_02581915ADBA4ED0BCA91B97E61BED4F">You have already generated
the set of standard SSL certificates with the
<span class="ph filepath">enecerts</span> command, as documented earlier in this
section.
</li>
<li class="li" id="task_8783C7B43E754FC4808F551C6AE5108F__li_A12CC8C9BB284F44A36107F423E69FF1">All of the input files are
located in the local directory.
</li>
</ul>
</div>
<p class="p">To convert the PEM-format keys to Java KeyStores:
</p>
</div>
<ol class="ol steps" id="task_8783C7B43E754FC4808F551C6AE5108F__steps_A43459F769834E7DA2C92EC21997EE1C"><li class="li step stepexpand" id="task_8783C7B43E754FC4808F551C6AE5108F__step_8148FF7658D04AA0A0A5AFFB6BDAB957">
<span class="ph cmd">Convert the certificate from PEM to PKCS12, using the following
command:
</span>
<div class="itemgroup info">
<pre class="pre codeblock">openssl pkcs12 -export -out eneCert.pkcs12 -in eneCert.pem</pre>
You may ignore the warning message this command issues.
</div>
</li>
<li class="li step stepexpand" id="task_8783C7B43E754FC4808F551C6AE5108F__step_6944D05C1C8B4D1C970F77383F88D018">
<span class="ph cmd">Enter and repeat the export password.
</span>
</li>
<li class="li step stepexpand" id="task_8783C7B43E754FC4808F551C6AE5108F__step_8AE29870614840BD88523377E5956621">
<span class="ph cmd">Create and then delete an empty truststore using the following
commands:
</span>
<div class="itemgroup info">
<pre class="pre codeblock">keytool -genkey -keyalg RSA -alias endeca -keystore truststore.ks
keytool -delete -alias endeca -keystore truststore.ks</pre>
The
<span class="ph filepath">-genkey</span> command creates the default certificate
shown below. (This is a temporary certificate that is subsequently deleted by
the
<span class="ph filepath">-delete</span> command, so it does not matter what
information you enter here.)
<pre class="pre codeblock">Enter keystore password:
Re-enter new password:
What is your first and last name?
[Unknown]:
What is the name of your organizational unit?
[Unknown]:
What is the name of your organization?
[Unknown]:
What is the name of your City or Locality?
[Unknown]:
What is the name of your State or Province?
[Unknown]:
What is the two-letter country code for this unit?
[Unknown]:
Is CN=Unknown, OU=Unknown, O=Unknown, L=Unknown, ST=Unknown, C=Unknown correct?
[no]: yes
Enter key password for &lt;endeca&gt;
(RETURN if same as keystore password):
Re-enter new password:</pre>
</div>
</li>
<li class="li step stepexpand" id="task_8783C7B43E754FC4808F551C6AE5108F__step_F840A0E9E0DA49B0B073A89814007C2C">
<span class="ph cmd">Import the CA into the truststore, using the following command:
</span>
<div class="itemgroup info">
<pre class="pre codeblock">keytool -import -v -trustcacerts -alias endeca-ca -file eneCA.pem -keystore truststore.ks</pre>
</div>
</li>
<li class="li step stepexpand" id="task_8783C7B43E754FC4808F551C6AE5108F__step_2DDA8B26B6F64947B0CA70077D79663C">
<span class="ph cmd">Enter the keystore password.
</span>
</li>
<li class="li step stepexpand" id="task_8783C7B43E754FC4808F551C6AE5108F__step_50A3A7461A8D40B7BA2D81B67C84DEC3">
<span class="ph cmd">At the prompt, "Trust this certificate?" type
<span class="ph filepath">yes</span>.
</span>
</li>
<li class="li step stepexpand" id="task_8783C7B43E754FC4808F551C6AE5108F__step_8C711F6295D34C8FB1A3F4C0CBF80DF2">
<span class="ph cmd">Create an empty Java KeyStore, using the following commands:
</span>
<div class="itemgroup info">
<pre class="pre codeblock">keytool -genkey -keyalg RSA -alias endeca -keystore keystore.ks
keytool -delete -alias endeca -keystore keystore.ks</pre>
The
<span class="ph filepath">-genkey</span> command creates the default certificate
shown below. (This is a temporary certificate that is subsequently deleted by
the
<span class="ph filepath">-delete</span> command, so it does not matter what
information you enter here.)
<pre class="pre codeblock">Enter keystore password:
Re-enter new password:
What is your first and last name?
[Unknown]:
What is the name of your organizational unit?
[Unknown]:
What is the name of your organization?
[Unknown]:
What is the name of your City or Locality?
[Unknown]:
What is the name of your State or Province?
[Unknown]:
What is the two-letter country code for this unit?
[Unknown]:
Is CN="Unknown", OU=Unknown, O=Unknown, L=Unknown, ST=Unknown, C=Unknown correct?
[no]: yes
</pre>
</div>
</li>
<li class="li step stepexpand" id="task_8783C7B43E754FC4808F551C6AE5108F__step_B2AC8C0381CE4E42A32E5AA3EE9600C8">
<span class="ph cmd">Import your private key into the empty JKS, using the following
command:
</span>
<div class="itemgroup info">
<pre class="pre codeblock">keytool -v -importkeystore -srckeystore eneCert.pkcs12 -srcstoretype PKCS12 -destkeystore keystore.ks -deststoretype JKS</pre>
</div>
</li>
</ol>
</div>
<div id="footer">
<p>Oracle Endeca Server Administrator's Guide · Version 7.4.0 · June 2014 · Revision A</p>
<p><a href="../../../dcommon/html/cpyr.htm">Copyright © 2003, 2014, Oracle and/or its affiliates. All rights reserved.</a></p>
<p><img src="../xmwebhelp/images/oracle_official_sm2.png" alt="Oracle logo"></p>
</div>
</body></html>
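
The export in step 1 passes no `-inkey` option, so `openssl` has to find both the private key and its certificate inside `eneCert.pem`. The script below is an added example (not part of the Oracle guide) that checks the PEM framing of the two input files before any store is created; the function names and the `pem_preflight.sh` file name are assumptions of this example.

```shell
#!/bin/sh
# Added example: pre-flight inspection of the PEM inputs (eneCert.pem and
# eneCA.pem on this page) before the openssl/keytool steps. awk/grep only.

# pem_blocks FILE: print the label of each well-formed PEM block, one per
# line (e.g. "CERTIFICATE", "RSA PRIVATE KEY"). Exit status 1 when a
# BEGIN/END pair is missing, nested or mismatched.
pem_blocks() {
  awk '
    { sub(/\r$/, "") }                       # tolerate CRLF line endings
    /^-----BEGIN [A-Z0-9 ]+-----$/ {
      if (cur != "") { bad = 1; exit }       # BEGIN inside an open block
      cur = substr($0, 12, length($0) - 16); next
    }
    /^-----END [A-Z0-9 ]+-----$/ {
      if (substr($0, 10, length($0) - 14) != cur) { bad = 1; exit }
      print cur; cur = ""
    }
    END { if (bad || cur != "") exit 1 }
  ' "$1"
}

# count_blocks FILE REGEX: number of blocks whose label matches REGEX;
# prints "malformed" and returns 1 when the framing is broken.
count_blocks() {
  labels=$(pem_blocks "$1") || { echo malformed; return 1; }
  printf '%s\n' "$labels" | grep -Ec "$2" || true
}

# check_keypair FILE: "openssl pkcs12 -export -in FILE" without -inkey
# needs exactly one private key plus its certificate in the same file.
check_keypair() {
  keys=$(count_blocks "$1" 'PRIVATE KEY$') || { echo malformed; return 1; }
  certs=$(count_blocks "$1" '^CERTIFICATE$')
  if [ "$keys" -eq 1 ] && [ "$certs" -ge 1 ]; then echo ok; return 0; fi
  echo "need 1 key and >=1 cert, found keys=$keys certs=$certs"; return 1
}

# check_trust_anchor FILE: a file imported into a truststore should hold
# certificates only (hygiene check: a private key in it travels with it).
check_trust_anchor() {
  keys=$(count_blocks "$1" 'PRIVATE KEY$') || { echo malformed; return 1; }
  certs=$(count_blocks "$1" '^CERTIFICATE$')
  if [ "$keys" -eq 0 ] && [ "$certs" -ge 1 ]; then echo ok; return 0; fi
  echo "expected certs only, found keys=$keys certs=$certs"; return 1
}

# Usage: sh pem_preflight.sh eneCert.pem eneCA.pem
if [ "$#" -eq 2 ]; then check_keypair "$1" && check_trust_anchor "$2"; fi
```

The checks look only at the BEGIN/END framing; they do not confirm that the key matches the certificate or that the certificate chains to the CA.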