Openssl equivalent in Java

 
Michael Arnett
Hi all,
I was hoping someone could help me out. I have two questions. First, OpenSSL includes a test client, s_client. This client will connect to an SSL server and verify that client auth is happening correctly. This client accepts a client cert file and a client private key file as parameters. I was wondering if it was possible to perform a similar execution in Java? I am aware of concatenating the private key and client cert, but it seems it would be more elegant to be able to specify a client cert and a private key without creating a concatenated file.
The second question is how does one recreate the CA chain if given a root CA, a subordinate CA, and a client cert all in separate PEM files. I would like to create a pkcs12 file that contains a client private key/client certificate pair but, instead of just having a single cert, have all three of the aforementioned certs.
Thanks in advance for any insight,
-MLA
 
Michael Arnett
Ok, I found the answer to the second portion of my question; so I thought I would post it.
1. Assume that you have a client cert in PEM format called client.pem.crt.
2. Assume that you have a CA root cert also in PEM format called cacert.pem.crt.
3. Assume that you have a client private key in PEM format called client.pem.privkey.
4. First, verify that the client cert was signed by the cacert.pem.crt file. Execute:
openssl verify -CAfile C:\test\cacert.pem.crt client.pem.crt
Response:
client.pem.crt: OK
5. If the response is ok, then proceed by combining the client private key and client cert into a single pkcs12 file which includes the CA Chain from the cacert.pem.crt file. Execute:
openssl pkcs12 -export -chain -CAfile C:\test\cacert.pem.crt -in client.pem.crt -inkey client.pem.privkey -out client_caChain.p12
That's all there is to it. If you want to import this pkcs12 file into a jks file (Java KeyStore), just use the jdk keytool utility or better yet the handy KeytoolGUI utility (http://www.waynegrant.info/keytool.html).
Hope someone else can use this info.
-MLA
 
Pankaj Kr
Author
Check out ssltool utility of JSTK for a Java equivalent of OpenSSL's s_client.
 