How to properly import a selfsigned certificate into Java keystore that is available to all Java applications by default? - Stack Overflow

690 shaares
3 liens privés

690 shaares · 3 liens privés

Filtres

Liens par page

20 50 100

How to properly import a selfsigned certificate into Java keystore that is available to all Java applications by default? - Stack Overflow

import SSL certificate to Java

echo -n | openssl s_client -connect www.example.com:443 | sed -ne '/-BEGIN CERTIFICATE-/,/-END CERTIFICATE-/p' > /tmp/examplecert.crt

show all certificates in PEM format

openssl s_client -showcerts -verify 5 -connect google.fr:443 < /dev/null |
awk '/BEGIN CERTIFICATE/,/END CERTIFICATE/{ if(/BEGIN CERTIFICATE/){a++}; out="cert"a".pem"; print >out}'
    for cert in *.pem; do
        newname=$(openssl x509 -noout -subject -in $cert | sed -nE 's/.*CN ?= ?(.*)/\1/; s/[ ,.*]/_/g; s/__/_/g; s/_-_/-/; s/^_//g;p' | tr '[:upper:]' '[:lower:]').pem
        echo "${newname}"; mv "${cert}" "${newname}"
done

(http://hoab.fr/shaarli/?Ve3UZg)

keytool -import -trustcacerts -keystore /usr/local/jre/lib/security/cacerts -storepass changeit -noprompt -alias mycert -file /tmp/examplecert.crt
keytool -import -trustcacerts -keystore /usr/lib/jvm/java-8-oracle/jre/lib/security/cacerts -storepass changeit -noprompt -alias mycert -file /tmp/examplecert.crt
keytool -import -trustcacerts -keystore /usr/lib/jvm/java-8-openjdk-amd64/jre/lib/security/cacerts -storepass changeit -noprompt -alias mycert -file /tmp/examplecert.crt

 $JAVA_HOME/bin/keytool -list -v -keystore ${JAVA_HOME}/lib/security/cacerts

Export public certificate :

keytool -export -alias certalias -keystore newkeystore.jks -file <public key name>.pem

Debug SSL :

-Djavax.net.debug=ssl,handshake

ssl · certificate · java

Fri Jan 15 14:24:20 2016 * · permalien

http://stackoverflow.com/questions/11617210/how-to-properly-import-a-selfsigned-certificate-into-java-keystore-that-is-avail

Filtres

Liens par page

20 50 100