Solaris tip of the week: Managing self-signed certificates

In a development environment you may have to interact with self-signed certificates, which are used to secure the services you offer. To communicate with a secured service that presents a self-signed certificate, a client imports the certificate into a local truststore or certificate database. When I import a certificate, I usually have to refer to the relevant man pages ... but I've done it enough times that I decided to create a utility to automate the process. Here's a Java CertificateManager NetBeans project that can be used to import a self-signed certificate from a remote host into a Java keystore of your choice.

Usage: java -jar CertificateManager.jar -url https://{hostname}:{port} [-keystore {keystore}] [-pw {password}]

default keystore: ${java.home}/lib/security/cacerts

default pw: changeit

In order for the CertificateManager to accept self-signed certificates itself, I found the very useful SSLUtilities.java class.

If you work with Sun LDAP/SSL directory server configurations that use self-signed certificates, you will know that the certificates used by LDAP are stored in the Mozilla-style certificate database, commonly created at /var/ldap on a native LDAP client. The certutil command is used to administer the LDAP certificate database; you can add your Java keystore certificate to the LDAP certificate database as follows:

# Import the remote self-signed certificate into the local Java keystore
java -jar ../tools/CertificateManager.jar -url "${url}" -keystore "${ks}" -pw "${pw}"

# Export the certificate in RFC (PEM) form for import into the certificate database.
# Without -alias, keytool lists every entry, so ${ks} should hold only this certificate.
keytool -list -rfc -keystore "${ks}" -storepass "${pw}" > selfsigned.pem

# Import into the /var/ldap certificate database
/usr/sfw/bin/certutil -A -n "${alias}" -i selfsigned.pem -a -t CT -d /var/ldap
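
Because the certificate is fetched from the remote host and then marked trusted, it is worth checking selfsigned.pem against a fingerprint obtained out of band before the certutil step. The script below is an added example, not part of the original post or the CertificateManager project; the function names, the `pinned` variable and the sample data are assumptions, and it assumes `base64` and `sha256sum` are on the PATH.

```sh
#!/bin/sh
# Added example: gate the certutil import on a pinned SHA-256 fingerprint.
# Assumes base64 and sha256sum are available (GNU coreutils; assumption).

# Number of PEM certificates in FILE ($1).
count_certs() {
    grep -c -- '-----BEGIN CERTIFICATE-----' "$1" || true
}

# Lowercase hex SHA-256 of the DER bytes of the first certificate in FILE ($1).
pem_fingerprint() {
    sed -n '/-----BEGIN CERTIFICATE-----/,/-----END CERTIFICATE-----/p' "$1" |
        sed '/-----END CERTIFICATE-----/q' |
        grep -v -- '-----' | tr -d ' \r\n' | base64 -d | sha256sum | cut -d' ' -f1
}

# Return 0 only if FILE ($1) holds exactly one certificate whose fingerprint
# equals the pinned value ($2, hex with or without keytool-style colons).
verify_pem() {
    n=$(count_certs "$1")
    if [ "$n" != 1 ]; then
        echo "refusing: $1 holds '$n' certificates, expected exactly 1" >&2
        return 1
    fi
    got=$(pem_fingerprint "$1")
    want=$(printf '%s' "$2" | tr -d ': ' | tr 'A-F' 'a-f')
    if [ "$got" != "$want" ]; then
        echo "refusing: fingerprint $got does not match the pinned value" >&2
        return 1
    fi
}

# Constructed sample of `keytool -list -rfc` output. The body is base64 of the
# string "hello", not a real certificate, so the expected hash is well known.
write_sample() {
    cat > "$1" <<'EOF'
Alias name: ldap.example.com
Entry type: trustedCertEntry

-----BEGIN CERTIFICATE-----
aGVsbG8=
-----END CERTIFICATE-----
EOF
}

# Intended use in the procedure above (pinned value obtained out of band):
#   verify_pem selfsigned.pem "$pinned" &&
#       /usr/sfw/bin/certutil -A -n "${alias}" -i selfsigned.pem -a -t CT -d /var/ldap
```

The pinned value can be pasted in the colon-separated form that `keytool -list -v` prints on the server side; `verify_pem` normalizes it before comparing.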

HTH ...

Jay

About

Jay Danielsen
