Domino on Linux/Unix, Troubleshooting, Best Practices, Tips and more ...

alt

Daniel Nashed

Creating JSK for a Java based web server

Daniel Nashed – 27 October 2019 22:27:38
This weekend I have been looking into setting up a Flexnet server, which is based on a Java process that needs a certificate.
The server uses the Java Key Store format (JKS) which isn't obvious to create form an existing certificate.

It's easier when you have an existing store. But for a server you usually need a new JKS file.


I found a quite straight forward but not obvious path.


This might be also interesting for other applications. That's why I am posting it here. Having that information would have saved me an hour of research.

-- Daniel



Convert PEM into P12


In many cases you have a PEM file with the key, leaf certificate, intermediate certs and the trusted root.

This can be converted to a pkcs12 (aka as p12) file. This format can be used by many web-servers. But like Domino needs it's own keyring format, Java needs the JKS format.


openssl pkcs12 -export -out lls.p12 -in lls.pem -password pass:mypassword



Import p12 into a new JKS


Once you created a p12, the Java keytool can convert the p12 into a JKS.
This step creates a new JKS file with all the information from the p12 file :-)

keytool -importkeystore -deststorepass mypassword -destkeystore lls.jks -srcstorepass mypassword -srckeystore lls.p12 -srcstoretype PKCS12


That's a quite straight forward way, which can be used to automate the process.

Show Certs


Once you have created the JKS, you can dump all information from the JKS file to check it's all included.

keytool -list -keystore lls.jks -storepass mypassword -v



Comments

1David Marko  28.10.2019 5:42:47  Creating JSK for a Java based web server

Much easier solution: https://keystore-explorer.org/

2Daniel Nashed  28.10.2019 6:53:40  Creating JSK for a Java based web server

Thanks David!

I didn't know that tool! I will have a look.

But depending on what you do, you will need a way that allows automation and no extra software installation.

If you don't need that specially for Windows this is a great tool to have!

Linux admin are used to cryptic command line stuff :-)

-- Daniel

Links

    Archives


    • [HCL Domino]
    • [Domino on Linux]
    • [Nash!Com]
    • [Daniel Nashed]