We need to consider two scenarios here.
1. The external system acts as a client to the ESB.
     E.g. SoapUI invoking an ESB proxy
2. The external system is a server to the ESB.
     E.g. the ESB invoking an external service
The following image depicts all the certificate exchange steps needed to cater for the above scenarios.
Friday, February 19, 2016
Wednesday, February 17, 2016
How to import a private key into JKS
Let's take the following scenario, where you implement an application based on an asymmetric cipher (e.g. RSA). Assume you are responsible for the decryption part, where you have to use the given private key to handle this.
You will probably get either only the private key, or the private key and the certificate. I'm going to take the first case, assuming you have only the private key.
Note: assume the name of the private key file is private_key.pem
1. Create a certificate signing request using the given private key.
    openssl req -new -key private_key.pem -out key_cert_r.csr
2. Get the certificate signed by an authorized party, or self-sign it.
Self-sign:
    openssl x509 -req -days 365 -in key_cert_r.csr -signkey private_key.pem -out key_cert.crt
3. Generate a PKCS12 key store using the private key and the above certificate.
    openssl pkcs12 -export -name alias -in key_cert.crt -inkey private_key.pem -out keystore.p12
4. Generate a Java key store from the above PKCS12 key store.
    keytool -importkeystore -destkeystore tmp_keystore.jks -srckeystore keystore.p12 -srcstoretype pkcs12 -alias alias
If you already have a Java key store configured within your application, merge the above tmp_keystore.jks into the existing key store.
    keytool -importkeystore -destkeystore existing_keystore.jks -srckeystore tmp_keystore.jks
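Checks to run between the steps above, as an added example that is not part of the original post: the certificate must carry the public key of private_key.pem, the PKCS12 file must hold that same key, and the JKS alias must be a PrivateKeyEntry rather than a trustedCertEntry. It assumes an unencrypted private_key.pem, a single store password supplied in the hypothetical environment variable KS_PASS, and a hypothetical script name check.sh.

```shell
#!/bin/sh
# Added example: sanity checks for the private-key-to-JKS procedure.
# KS_PASS is a hypothetical environment variable holding the store password,
# so the password never appears on a command line.

# 0 if the certificate carries the public key of the private key, 1 if not,
# 2 if either file cannot be parsed.
key_matches_cert() {
    k=$(openssl pkey -in "$1" -pubout 2>/dev/null) || return 2
    c=$(openssl x509 -in "$2" -noout -pubkey 2>/dev/null) || return 2
    [ "$k" = "$c" ]
}

# 0 if the private key stored in the PKCS12 file is the one we were given.
# The extracted key is only piped between openssl processes, never written to disk.
key_matches_p12() {
    k=$(openssl pkey -in "$1" -pubout 2>/dev/null) || return 2
    p=$(openssl pkcs12 -in "$2" -nocerts -nodes -passin env:KS_PASS 2>/dev/null |
        openssl pkey -pubout 2>/dev/null) || return 2
    [ "$k" = "$p" ]
}

# 0 if the alias in the JKS is a PrivateKeyEntry (usable for decryption),
# non-zero if it is missing or only a trustedCertEntry.
jks_has_private_key() {
    keytool -list -keystore "$1" -alias "$2" -storepass:env KS_PASS 2>/dev/null |
        grep -q 'PrivateKeyEntry'
}

# Usage:
#   KS_PASS=... sh check.sh private_key.pem key_cert.crt keystore.p12 tmp_keystore.jks alias
if [ "$#" -eq 5 ]; then
    key_matches_cert "$1" "$2"    || { echo "certificate does not match key" >&2; exit 1; }
    key_matches_p12 "$1" "$3"     || { echo "PKCS12 holds a different key" >&2; exit 1; }
    jks_has_private_key "$4" "$5" || { echo "JKS alias is not a PrivateKeyEntry" >&2; exit 1; }
    echo "all checks passed"
fi
```

The last check catches the common mistake of importing only the certificate into the key store, which produces a trustedCertEntry that cannot be used for decryption.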

 
