Steps to create a .jks keystore using .key and .crt files...

F5 load balancers generate .crt and .key files, which have to be converted to a .jks keystore before they can be configured in WebLogic Server.

Here .crt is the signed certificate from a CA and .key contains the private key.

These are in PEM format.

Step 1 :

Copy the contents of the .crt file into a text editor such as Notepad and save the file with a .pem extension.

Eg : cert.pem

Contents :

-----BEGIN CERTIFICATE-----
MIIFMDCCBBigAwIBAgIDDCucMA0GCSqGSIb3DQEBCwUAMDwxCzAJBgNVBAYTAlVT
.
.
.
EMJj7aen/ouZThhszQ7lYbvCsQRQlGkKHR0byY4TBoq7kIG5nb64tXvQoP048G7o
Ghf+c+KmfOwUoLoXSzW9CnXgV0EY6MQ5pluL6wB5W6NHQ7Xf
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
MIID1TCCAr2gAwIBAgIDAjbRMA0GCSqGSIb3DQEBBQUAMEIxCzAJBgNVBAYTAlVT
MRYwFAYDVQQKEw1HZW9UcnVzdCBJbmMuMRswGQYDVQQDExJHZW9UcnVzdCBHbG9i
.
.
knYYCnwPLKbK3opie9jzzl9ovY8+wXS7FXI6FoOpC+ZNmZzYV+yoAVHHb1c0XqtK
LEL2TxyJeN4mTvVvk0wVaydWTQBUbHq3tw==
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
MIIDfTCCAuagAwIBAgIDErvmMA0GCSqGSIb3DQEBBQUAME4xCzAJBgNVBAYTAlVT
.
.
NhGc6Ehmo21/uBPUR/6LWlxz/K7ZGzIZOKuXNBSqltLroxwUCEm2u+WR74M26x1W
b8ravHNjkOR/ez4iyz0H7V84dJzjA1BOoa+Y7mHyhD8S
-----END CERTIFICATE-----

Step 2 :

Copy the contents of the private key (.key) file into a text editor and save it with a .pem extension.

Eg : key.pem

Contents :

-----BEGIN RSA PRIVATE KEY-----
MIIEogIBAAKCAQEAqm1GacPeZT/cb0Fn2/cF9tcZZZ/UOalrbSad8Qx7Dg467hee
.
.
US8hanaMxYSDY17u89OxSiJ70PnsArui47pF9GepaUaOgWn/IKM=
-----END RSA PRIVATE KEY-----

Step 3 :

Run the following command :

Syntax : $ java utils.ImportPrivateKey keystore storepass storetype keypass alias certfile keyfile keyfilepass 

Command : java utils.ImportPrivateKey -keystore identity.jks -storepass password -keyfile mykey -keyfilepass password -certfile cert.pem -keyfile key.pem -alias mykey

Sample output :

d:\Oracle\Middleware1036\user_projects\domains\wild_card_certificate_domain\certificates>java utils.ImportPrivateKey -keystore identity.jks -storepass password -keyfile mykey -keyfilepass password -certfile cert.pem -keyfile key.pem -alias mykey
No password was specified for the key entry
Key file password will be used
Imported private key key.pem and certificate cert.pem into a new keystore identity.jks of type jks under alias mykey

We have now created an identity.jks file.

To see the contents of this keystore use the following command :

Command : keytool -list -v -keystore identity.jks -storepass password 
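
A pre-flight check for the files saved in Steps 1 and 2, as an added example that is not part of the original post or of WebLogic: it confirms that each PEM block has intact ASCII boundaries, valid base64 and a DER length that matches its header, which catches a paste that was cut short or had its hyphens replaced by an editor. The function names and the sample blocks are constructed for illustration; the samples are not real certificates or keys.

```python
import base64
import re

# PEM boundaries must be exactly five ASCII hyphens on each side of the label.
BLOCK = re.compile(r"^-----BEGIN ([A-Z0-9 ]+)-----\n(.*?)\n-----END \1-----\s*$",
                   re.S | re.M)
BAD_DASH = re.compile(r"[\u2012-\u2015]")  # typographic dashes added by editors

def der_is_complete(der: bytes) -> bool:
    """True if der is a single ASN.1 SEQUENCE whose declared length matches."""
    if len(der) < 2 or der[0] != 0x30:
        return False
    if der[1] < 0x80:                       # short-form length
        return len(der) == 2 + der[1]
    n = der[1] & 0x7F                       # long form: n length octets follow
    if n == 0 or len(der) < 2 + n:
        return False
    return len(der) == 2 + n + int.from_bytes(der[2:2 + n], "big")

def lint_pem(text: str) -> list:
    """Return one (label, status) pair per PEM block found in text."""
    text = text.replace("\r\n", "\n")       # Notepad saves CRLF line endings
    if BAD_DASH.search(text):
        return [("?", "non-ASCII dashes")]
    results = []
    for label, body in BLOCK.findall(text):
        headers, _, b64 = body.rpartition("\n\n")  # RFC 1421 headers, if present
        if "ENCRYPTED" in headers:
            results.append((label, "encrypted"))   # DER not inspectable
            continue
        try:
            der = base64.b64decode("".join(b64.split()), validate=True)
        except ValueError:
            results.append((label, "invalid base64"))
            continue
        results.append((label, "ok" if der_is_complete(der) else "truncated DER"))
    return results or [("?", "no PEM blocks")]

def make_pem(label: str, der: bytes) -> str:
    """Wrap DER bytes in PEM armour (used here to build constructed samples)."""
    b64 = base64.b64encode(der).decode()
    lines = "\n".join(b64[i:i + 64] for i in range(0, len(b64), 64))
    return f"-----BEGIN {label}-----\n{lines}\n-----END {label}-----\n"

if __name__ == "__main__":
    fake = bytes([0x30, 0x82, 0x01, 0x00]) + bytes(256)  # constructed, not a real cert
    print(lint_pem(make_pem("CERTIFICATE", fake) * 3))           # three-block chain
    print(lint_pem(make_pem("RSA PRIVATE KEY", fake[:200])))     # cut-off paste
```

For cert.pem the result should list one CERTIFICATE entry per certificate in the chain, all "ok"; for key.pem it should list a single private key entry.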

---

< Additional Information >

The ImportPrivateKey utility is used to load a private key into a private keystore file.

You can use the CertGen utility to create a .key ( testkey ) and .crt ( testcert ) and then use the ImportPrivateKey utility to create a .jks file.

Note: By default, the CertGen utility looks for the CertGenCA.der and CertGenCAKey.der files in the current directory, or in the WL_HOME/server/lib directory, as specified in the weblogic.home system property or the CLASSPATH.

Alternatively, you can specify CA files on the command line. If you want to use the default settings, there is no need to specify CA files on the command line.

1. Enter the following command to generate certificate files named testcert with private key files named testkey:

Command : $ java utils.CertGen -keyfilepass mykeypass -certfile testcert -keyfile testkey

2. Convert the certificate from DER format to PEM format.

Command :  $ java utils.der2pem CertGenCA.der

3. Concatenate the certificate and the Certificate Authority (CA).

Command :  $ cat testcert.pem CertGenCA.pem >> newcerts.pem 

4. Create a new keystore named mykeystore and load the private key located in the testkey.pem file.

Command : $ java utils.ImportPrivateKey -keystore mykeystore -storepass mypasswd -keyfile mykey -keyfilepass mykeypass -certfile newcerts.pem -keyfile testkey.pem -alias passalias
