I had a case where I needed to create a .NET WSE 3 client that calls Axis2 web services secured with WSS4J OASIS Security (WS-Security specification 1.0). If you only have the Java-format keystore (JKS), you have to convert it to the Microsoft format (PFX) so it can be used for signatures on web service calls.
- Download the J2SE package and set up JDK and JRE 6 on the workstation. (There is plenty of information about this on the internet, so it is omitted here.)
- Download KeyTool IUI version 2.4.1 (matches JRE 6) from http://yellowcat1.free.fr/index_ktl.html, unzip it to a folder, and double-click run_ktl.bat to open the KeyTool IUI window.
- Click menu [View] - [Select task] - [Export] - [Keystore's entry] - [Private key]
- Click the browse icon to pick the keystore JKS file and enter the keystore password under Source.
- Select PEM format for both the Target Private key file and the Certificates chain file.
- Click the save icon to choose a local folder in which to save the 2 PEM files.
- Manually create a text file merged.pem and merge these 2 PEM files into it. (Open the 2 PEM files in Notepad and copy their contents in, CERTIFICATE first and then RSA PRIVATE KEY.)
- Download and setup OpenSSL (http://www.slproweb.com/products/Win32OpenSSL.html)
- Open a command line and run the following (assuming OpenSSL is installed in the C: root and you want the PFX file to be named pfxname):
C:\OpenSSL\bin\openssl pkcs12 -export -out pfxname.pfx -in merged.pem
- You will then find the PFX file in the current folder.
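The manual Notepad merge is the fragile step: a UTF-8 BOM or a UTF-16 save can keep OpenSSL from recognizing the `-----BEGIN` line. As an added example that is not part of the original post, this Python sketch builds the merged.pem content from the two exported files, certificate chain first and private key second; the function names are hypothetical, and it assumes the exported key is an unencrypted PEM block.

```python
import base64
import re

# PEM armor: BEGIN line, base64 body, END line carrying the same label.
PEM_BLOCK = re.compile(
    r"-----BEGIN ([A-Z0-9 ]+)-----\r?\n(.*?)\r?\n-----END \1-----", re.DOTALL)

def pem_blocks(raw: bytes):
    """Return [(label, der_bytes)] for every PEM block in raw file bytes."""
    # A UTF-16 save turns the armor lines into two-byte characters.
    if raw.startswith((b"\xff\xfe", b"\xfe\xff")):
        raise ValueError("file is UTF-16; save it as ANSI or UTF-8")
    text = raw.decode("utf-8-sig")  # drops a UTF-8 BOM if the editor added one
    blocks = []
    for label, body in PEM_BLOCK.findall(text):
        # validate=True rejects stray characters, including the
        # Proc-Type/DEK-Info headers of an encrypted key (assumed absent).
        der = base64.b64decode("".join(body.split()), validate=True)
        blocks.append((label, der))
    return blocks

def merge_pem(cert_raw: bytes, key_raw: bytes) -> bytes:
    """Build merged.pem content: certificate chain first, then private key."""
    certs = [b for b in pem_blocks(cert_raw) if b[0] == "CERTIFICATE"]
    keys = [b for b in pem_blocks(key_raw) if b[0].endswith("PRIVATE KEY")]
    if not certs:
        raise ValueError("no CERTIFICATE block in the certificate chain file")
    if len(keys) != 1:
        raise ValueError("expected exactly one PRIVATE KEY block in the key file")
    out = []
    for label, der in certs + keys:
        # Re-encode with 64-character lines and plain LF line endings.
        b64 = base64.b64encode(der).decode("ascii")
        lines = [b64[i:i + 64] for i in range(0, len(b64), 64)]
        out.append("-----BEGIN %s-----\n%s\n-----END %s-----\n"
                   % (label, "\n".join(lines), label))
    return "".join(out).encode("ascii")
```

Write the returned bytes to merged.pem in binary mode and pass that file to the openssl command above. merged.pem holds the private key unencrypted, so delete it once the PFX has been created.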
17 comments:
Can you clarify this step: Manually create a text file merged.pem and merge these 2 PEM files to one pem file. ( Use notepad to open the 2 PEM files and respectively copy to merge in, CERTIFICATE first and then RSA PRIVATE KEY.
I have got everything else to work this far.
Thank you!
Dawna,
You can use Notepad to create a new file named merged.pem, then copy in the text from the 2 PEM files (open them with any text editor). Paste the text of the certificate PEM first, press the Enter key to go to the next row, and then paste the text of the RSA private key PEM. It looks something like this:
-----BEGIN CERTIFICATE-----
MIICgjCCAesCBETraS4wDQYJKoZIhvcNAQEEBQAwgYYxCzAJBgNVBAYTAlVTMRMw
..............More
dBiezuz88FJYwY4JYE5P4IiqG4CWaA==
-----END CERTIFICATE-----
-----BEGIN RSA PRIVATE KEY-----
MIICXQIBAAKBgQCmWPLRpJm3+ZwC7JOt/34zZoIWa+WDAV7xf/bJh/w8LcSmCXk5
..............More
UUgoEbuiqVq4E/o+EOBxOSq3TkEpdght59Bjj4NBMjXx
-----END RSA PRIVATE KEY-----
Does this make sense?
It's really great work. For the last 2 days I was struggling; finally I made it with the help of the above procedure. Thanks a lot. Guru
Worked like a charm, thanks Teddy!
KeyTool IUI is no longer available on the net... damn, hopefully these "free software" sites do not host trojan alternatives. :D
Teddy, You saved me!!!
Thanks, Leo
KeyTool IUI is now a Google Code Project.
http://code.google.com/p/keytool-iui/
Great description! Thank you!!!
Hi! I've been doing all the steps, but on the last one, I'm getting this error:
unable to load private key
8652:error.0906D06C:PEM routines:PEM_read_bio: no start line...
Expecting any PrivateKey
I don't understand why this is happening :S Do you happen to know why? Thanks in advance
Looks like your merged file has some format issue. Try to recombine the two files with a regular text editor (such as Notepad++, EditPlus, etc.) with UTF-8 encoding.
Thank you!! It looks like the certificate isn't able to be converted because it is incompatible with openssl :(
Thanks anyway!!
If you want to replace keytool with a GUI tool then you can also use CERTivity.
http://www.edulib.com/products/keystores-manager/
It can handle different types of keystores (JKS, JCEKS, PKCS12, BKS, UBER, Windows) and digital signatures.
The black magic is strong in this one!
Thank you so much!
I spent hours playing around with our many different cer/der/jks files, OpenSSL, signtool, useless guides and disappointing solutions until I found your instructions.
Thank you very much. This helped me to solve my signing issue. By the way, for those trying to achieve this:
Use
Keytool IUI
-> Export
-> Keystore's entry
-> Private Key
to export the private key and its chain. I needed some tries myself to figure this out.
After selecting the files, in the other window, in which the list of Trusted Certificate Entries appears, I have two aliases, and only one of them is marked as Candidate. Does that mean that the unmarked one won't be exported? What can we do in order to export both entries?
Thank you! Kind regards,
To Omar,
If I understand correctly, you will need to copy the content text and manually merge them together in one file.
Thank you so much! I already had Keystore Explorer in use, but it worked the same way. Left click on the key, select Export->Certificate Chain and Export->Private Key, make sure PEM is checked.