Tuesday, September 4, 2012

Convert Wallet Into Keystore (OHS to Weblogic SSL) - Verse 2

Following up on my previous notes about converting a wallet into a keystore, here is another way to do the conversion, and it is simpler than before. For the identity keystore, I create an empty keystore: I create a keystore with a dummy certificate and then delete the dummy certificate. For the trust keystore, I use the Firefox browser to convert the CAs.


So, the steps:

IDENTITY KEYSTORE

CREATE AN EMPTY JKS KEYSTORE
keytool -genkey -alias dummy -keystore identity_keystore.jks
keytool -delete -alias dummy -keystore identity_keystore.jks

IMPORT wallet_server.p12 INTO identity_keystore.jks
keytool -v -importkeystore -srckeystore wallet_server.p12 -srcstoretype PKCS12 -destkeystore identity_keystore.jks -deststoretype JKS


TRUST KEYSTORE

My CA certificates are in DER format, so I tried a different way: I use the Firefox browser to convert DER into PEM format.

IMPORT CA CERTIFICATES INTO FIREFOX
Options -> Advanced -> Encryption -> View Certificates -> Import

EXPORT THE CAs INTO PEM FORMAT (X.509 Certificate - PEM)

CREATE TRUSTED CA - CERTIFICATE CHAIN KEYSTORE
keytool -import -trustcacerts -file Inter1-CA.pem -keystore trust_keystore.jks -alias inter1
keytool -import -trustcacerts -file Inter2-CA.pem -keystore trust_keystore.jks -alias inter2
keytool -import -trustcacerts -file Root-CA.pem -keystore trust_keystore.jks -alias root


That's it, simpler than the previous method. Of course, there are many other ways to complete the task, but I hope mine helps.
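The DER-to-PEM step for the trust keystore can also be done without a browser. The script below is an added example, not part of the original post: it uses Python's standard-library ssl helpers to convert a DER CA file to PEM, computes the SHA-256 fingerprint so it can be compared with the value the CA publishes before the certificate goes into trust_keystore.jks, and builds the matching keytool command. The helper names and SAMPLE_DER (a constructed stand-in, not a real certificate) are assumptions of this example.

```python
import hashlib
import os
import ssl
import sys

PEM_HEADER = b"-----BEGIN CERTIFICATE-----"
# Constructed stand-in (ASN.1 SEQUENCE tag + 11 bytes), not a real certificate.
SAMPLE_DER = b"\x30\x0b" + b"constructed"


def to_pem(data: bytes) -> str:
    """Return PEM text for a certificate supplied as DER or PEM bytes."""
    if data.lstrip().startswith(PEM_HEADER):
        # Already PEM: decode and re-encode to normalise line wrapping.
        der = ssl.PEM_cert_to_DER_cert(data.decode("ascii").strip())
    elif data[:1] == b"\x30":
        # A DER certificate starts with an ASN.1 SEQUENCE tag (0x30).
        der = data
    else:
        raise ValueError("input is neither a DER nor a PEM certificate")
    return ssl.DER_cert_to_PEM_cert(der)


def sha256_fingerprint(pem: str) -> str:
    """SHA-256 over the DER bytes, colon-separated upper-case hex."""
    digest = hashlib.sha256(ssl.PEM_cert_to_DER_cert(pem)).hexdigest().upper()
    return ":".join(digest[i:i + 2] for i in range(0, len(digest), 2))


def import_command(pem_file: str, alias: str,
                   keystore: str = "trust_keystore.jks") -> str:
    """Build the keytool import command used in the post for one CA file."""
    return (f"keytool -import -trustcacerts -file {pem_file} "
            f"-keystore {keystore} -alias {alias}")


if __name__ == "__main__":
    # Usage (file names are examples): python der2pem.py Inter1-CA.der Root-CA.der
    for path in sys.argv[1:]:
        with open(path, "rb") as fh:
            pem = to_pem(fh.read())
        out = path + ".pem"  # never overwrites the input file
        with open(out, "w") as fh:
            fh.write(pem)
        alias = os.path.splitext(os.path.basename(path))[0].lower()
        print(sha256_fingerprint(pem))
        print(import_command(out, alias))
```

After the import, the same fingerprint should appear for that alias in the output of keytool -list -v on trust_keystore.jks.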

2 comments:

  1. Looking to create an identity keystore from an Oracle wallet file; the first command executes just fine, the second (keytool -delete -alias dummy -keystore identity_keystore.jks) yields "keytool error: java.lang.IllegalStateException: masked envelope"; trying the actual import, I got "Unrecognized command: -v". I'm guessing I need to update my version of keytool, but I'd love some confirmation on that.

  2. Ha. My keytool was still pointing to the old 1.4.2 version. I updated and the commands worked fine, except that the 'successful' import imported 0 entries.

    keytool -v -importkeystore -srckeystore QualitySSL2.p12 -srcstoretype PKCS12 -destkeystore banner_keystore.jks -deststoretype JKS
    Enter destination keystore password:
    Enter source keystore password:
    Import command completed: 0 entries successfully imported, 0 entries failed or cancelled

    It isn't empty..
