
How to store a certificate, its intermediate, its root and its private key in keystore

 
Ravi Danum

Hello All,

I am getting the following error:

Received fatal alert: bad_certificate.


This occurs when trying to connect to a third party web service.

In order to connect to the service, mutual authentication is required.

I have added the certificates for the third party web service to a truststore.

Here is how I created the keystore:

I have imported the certificate, its intermediate, and its root using keytool in 3 separate command line statements, such as:

keytool -import -alias mainCert -file mainCert.cer -keystore keystoreName.jks -storepass password

keytool -import -alias intermediateCert -file intermediateName.cer -keystore keystoreName.jks -storepass password

keytool -import -alias rootCert -file rootName.cer -keystore keystoreName.jks -storepass password

I then added the private key as follows:

keytool -importkeystore \
  -deststorepass password \
  -destkeypass password \
  -srckeystore keystore.p12 \
  -srcstoretype PKCS12 \
  -srcstorepass password \
  -alias server

Is this the correct way to do this, or do I need to store them as a single entry by chaining them somehow prior to storing them in the keystore?

Thanks so much for your time.

-Ravi



 
Ravi Danum

Hello All,

With the help of teammates, this has been done.

Let me give some hints on this:

The entity from which you get the certificate and private key should give directions on this because the packaging of certificates and private keys can be specific.

Once the directions are followed, success will be achieved.

Two things are important: 1) the order in which the certificates are added to the keystore is important, and 2) in my case, the keystore listing showed the root certificate, the intermediate certificate and the private key. When I saw this, I wondered where the certificate that goes with the private key was located. The truth is that both the certificate and the private key have the same alias. They can be obtained in Java as: keystore.getKey(<alias>) and keystore.getCertificate(<alias>).

Hope this helps anyone that's having difficulty with this sort of task.

Kind regards.

-Ravi
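
A check of the keystore layout described in the post above, as an added example (not part of the original posts or their author's code): it lists every alias and, for a private-key entry, reports whether the key matches the first certificate stored under the same alias and whether each certificate in the chain is signed by the next. The class name, the two command-line arguments (keystore path, then one password assumed to protect both the store and the key) and the restriction to RSA, DSA or EC keys are assumptions.

```java
import java.io.File;
import java.security.KeyStore;
import java.security.PrivateKey;
import java.security.Signature;
import java.security.cert.Certificate;
import java.security.cert.X509Certificate;
import java.util.Collections;

public class KeystoreChainCheck {
    // True when a signature over an empty message, made with the private key,
    // verifies under the certificate's public key. Assumes an RSA, DSA or EC key.
    static boolean keyMatches(PrivateKey key, Certificate leaf) {
        String alg = "SHA256with" + (key.getAlgorithm().equals("EC") ? "ECDSA" : key.getAlgorithm());
        try {
            Signature s = Signature.getInstance(alg);
            s.initSign(key);
            byte[] sig = s.sign();
            s.initVerify(leaf.getPublicKey());
            return s.verify(sig);
        } catch (Exception e) {
            return false; // wrong key type or unsupported algorithm counts as a mismatch
        }
    }
    // True when every certificate is signed by the one after it (leaf first, root last).
    static boolean chainOrdered(Certificate[] chain) {
        try {
            for (int i = 0; i + 1 < chain.length; i++) chain[i].verify(chain[i + 1].getPublicKey());
            return true;
        } catch (Exception e) {
            return false;
        }
    }
    public static void main(String[] args) throws Exception {
        // Assumed arguments: keystore path, then one password used for both store and key.
        char[] pass = args[1].toCharArray();
        KeyStore ks = KeyStore.getInstance(new File(args[0]), pass); // Java 9+; detects JKS or PKCS12
        for (String alias : Collections.list(ks.aliases())) {
            if (!ks.entryInstanceOf(alias, KeyStore.PrivateKeyEntry.class)) {
                System.out.println(alias + ": certificate-only entry, no private key");
                continue;
            }
            PrivateKey key = (PrivateKey) ks.getKey(alias, pass);
            Certificate[] chain = ks.getCertificateChain(alias);
            System.out.println(alias + ": private key + " + chain.length + " certificate(s), key matches leaf="
                    + keyMatches(key, chain[0]) + ", chain ordered=" + chainOrdered(chain));
            for (Certificate c : chain) System.out.println("  " + ((X509Certificate) c).getSubjectX500Principal());
        }
    }
}
```

Run it as `java KeystoreChainCheck keystoreName.jks password`; a private-key entry whose chain length is 1 carries only the leaf certificate under that alias.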





 