I have some case need to create .NET WSE 3 Client to refer Axis2 Web Services with WSS4J OASIS Security( WS-Security specification 1.0), if you have only the Java format keystore, you have to convert it to MS format for signatures upon web service call.
- Download J2SE package and setup JDK and JRE 6 on workstation. (There are many internet information about it, so omit here)
- Download KeyTool IUI version 2.4.1 (Match with JRE 6) from (http://yellowcat1.free.fr/index_ktl.html) and unzip to some folder and double click to run file run_ktl.bat to open visiable KeyTool IUI window
- Click menu [View] - [Select task] - [Export] - [Keystore's entry] - [Private key]
- Click browser icon to pick up the keystore JKS file and enter the keystore password in Source.
- Click to select PEM format on both Target Private key file and Certificates chain file:
- Click the save icon to designate some local folder to save the 2 PEM files.
- Manullay create a text file merged.pem and merge these 2 PEM files to one pem file. ( Use notepad to open the 2 PEM files and respectively copy to merge in, CERTIFICATE first and then RSA PRIVATE KEY.
- Download and setup OpenSSL (http://www.slproweb.com/products/Win32OpenSSL.html)
- Open command line and run follows: ( Assume the openssl in C root and you want the PFX file name: pfxname
C:\OpenSSL\bin\openssl pkcs12 -export -out pfxname.pfx -in merged.pem - You will find the pfx file in current folder then.
12 comments:
Can you clarify this step: Manullay create a text file merged.pem and merge these 2 PEM files to one pem file. ( Use notepad to open the 2 PEM files and respectively copy to merge in, CERTIFICATE first and then RSA PRIVATE KEY.
I have got everything else to work this far.
Thank you!
Dawna,
You can use notepad to new a file named merged.pem, then copy the text in from the 2 PEM file(open it by any of text editor). Paste the text of certificate PEM first and press an enter key to go next row and paste the text of RAS Private PEM then. It's kind like follows:
-----BEGIN CERTIFICATE-----
MIICgjCCAesCBETraS4wDQYJKoZIhvcNAQEEBQAwgYYxCzAJBgNVBAYTAlVTMRMw
..............More
dBiezuz88FJYwY4JYE5P4IiqG4CWaA==
-----END CERTIFICATE-----
-----BEGIN RSA PRIVATE KEY-----
MIICXQIBAAKBgQCmWPLRpJm3+ZwC7JOt/34zZoIWa+WDAV7xf/bJh/w8LcSmCXk5
..............More
UUgoEbuiqVq4E/o+EOBxOSq3TkEpdght59Bjj4NBMjXx
-----END RSA PRIVATE KEY-----
Does this makes sense?
Its really great work.. Last 2 days I was struggling, finally I made it with help of above procedure. Thanks a lot. Guru
Worked like a charm, thanks Teddy!
KeyTool IUI is no longer available on the net... damn, hopefully these "free software" sites do not host trojan alternatives. :D
Teddy, You saved me!!!
Thanks, Leo
KeyTool IUI is now a Google Code Project.
http://http://code.google.com/p/keytool-iui/
Great description! Thank you!!!
Hi! I've been doing all the steps, but on the last one, I'm getting this error:
unable to load private key
8652:error.0906D06C:PEM routines:PEM_read_bio: no start line...
Expecting any PrivateKey
I don't understand why this is happening :S Do you happen to you why? Thanks in advance
Looks like your merge file has some format issue. Try to recombine the to file by regular text editor (such as notepad++, editor plus, etc) with UTF-8 encoding.
Thank you!! It looks like the certificate isn't able to be converted because it is incompatible with openssl :(
Thanks anyway!!
If you want to replace keytool with a GUI tool then you can also use CERTivity.
http://www.edulib.com/products/keystores-manager/
It can handle different types of keystores (JKS, JCEKS, PKCS12, BKS, UBER, Windows) and digital signatures.
Post a Comment