The keystore is now ready with the certificate I created!Īs already mentioned you can import any certificate directly into the keystore instead of creating a new key pair.īefore consuming a secured REST API, let’s see how to create a secured REST API first using the above keystore. p12 extension after giving a password for the keystore just like you gave for keypair: While the command runs, well be prompted to enter the passphrase that we created previously for key.pem: Enter pass phrase for key. Lets convert PEM into a PKCS12 format: openssl pkcs12 - export - in cert.pem -inkey key.pem -out certificate.p12 -name 'certificate'. You need to do this to add your domain and ip address in case if you are testing from your local machineĬhoose extension type as Subject Alternative Name: Less frequently, we use a Java KeyStore (JKS) format. You can import the certificates you downloaded directly into a new keystore instead ,as well.Ĭlick on Add Extensions.
Here I am creating my own certificate and then adding it to a new keystore. However, I think your SSL cert cannot be used to sign jar files, since they have completely different usages and this information is written inside the certificate itself. Enter the Key Pair entry's password and press the OK button. Create a pkcs12 file using openssl, and call jarsigner -storetype pkcs12 -keystore.
If required the Unlock Entry dialog will be displayed. Select the View Details submenu from the popup menu and from there choose Private Key Details. Select the Sign sub-menu from the pop-up menu and from that Sign New Key Pair. Rightclick on the Key Pair entry in the KeyStore Entries table. Next thing we need is a signed client certificate.
You can leave it in a disconnected state until you are ready to use it. Just create a keystore with the certificates you downloaded. To create a new Key Pair and sign it using the currently selected Key Pair: Right-click on the signing Key Pair entry in the KeyStore Entries table. Open KeyStore Explorer and select Create a new KeyStore (or File->New). You do not have to connect your custom key store immediately. You can do this using a tool like KeyStoreExplorer :
0 kommentar(er)
