KeyStore

Hi,

I have a certificate and a KeyStore (including password),

how can i add these to my computer so that calls to a specific url will work,

any links or sample code/ideas will be cool,

Cheers,

Niall

Can you please be a bit more specif about your below requirement?

how can i add these to my computer so that calls to a specific url will work,

I know how to create a .keystore/.cert file and get the public/private key pair from them.

This post describes how to add a certificate to the systemwide JRE keystore.

Thanks for the replies,

more info (if helpful :-) ):

i have trusted certificates and a KeyStore that is protected by a password,

i have an app created and trying to use these certificates and keystore file (and password) to connect to a https url,

if there are other info that is helpful please let me know,

Cheers for info in advance

Hope this helps.
Aryan.

public void connect(
String address,
int port,
int timeout,
String mKeystore,
String mPassword,
String tKeystore,
String tPassword)
throws Exception {
 
try {
 
// Add the JSSE provider to the list of security providers
java.security.Security.insertProviderAt(
new com.sun.net.ssl.internal.ssl.Provider(),
1);
SSLContext ctx = SSLContext.getInstance("TLS", "SunJSSE");
                        //SSLContext ctx = SSLContext.getInstance("TLS", "IBMJSSE2");
                         
//Provider p = ctx.getProvider();
//System.out.println("Provider Name: "+p.getName());
 
// KeyStore for the SSL client certificate
KeyStore keyStore = KeyStore.getInstance("JKS");
 
try {
 
keyStore.load(
new FileInputStream(mKeystore),
mPassword.toCharArray());
} catch (java.io.IOException e) {
//if (e.toString().endsWith("Invalid keystore format")) {
                            e.printStackTrace();
 
keyStore = KeyStore.getInstance("pkcs12");
keyStore.load(
new FileInputStream(mKeystore),
mPassword.toCharArray());
//}
}
 
KeyManagerFactory keyManagerFactory =
KeyManagerFactory.getInstance("SunX509", "SunJSSE");
                                //KeyManagerFactory.getInstance("IbmX509", "IBMJSSE2");
keyManagerFactory.init(keyStore, mPassword.toCharArray());
System.out.println("Keystore provider:" +keyManagerFactory.getProvider().getName());
 
// keyStore for trusted server certs or CAs
KeyStore trustedKeyStore = KeyStore.getInstance("JKS");
 
if (tPassword == null)
try {
trustedKeyStore.load(new FileInputStream(tKeystore), null);
} catch (java.io.IOException e) {
                                    e.printStackTrace();
if (e.toString().endsWith("Invalid keystore format")) {
 
trustedKeyStore = KeyStore.getInstance("pkcs12");
trustedKeyStore.load(
new FileInputStream(tKeystore),
null);
}
} else

try {
trustedKeyStore.load(
new FileInputStream(tKeystore),
tPassword.toCharArray());
} catch (java.io.IOException e) {
                                    e.printStackTrace();
if (e.toString().endsWith("Invalid keystore format")) {
trustedKeyStore = KeyStore.getInstance("pkcs12");
trustedKeyStore.load(
new FileInputStream(tKeystore),
tPassword.toCharArray());
}
}
 
TrustManagerFactory trustManagerFactory =
TrustManagerFactory.getInstance("SunX509", "SunJSSE");
                                //TrustManagerFactory.getInstance("IbmX509", "IBMJSSE2");
trustManagerFactory.init(trustedKeyStore);
//System.out.println("Truststore provider:" +trustManagerFactory.getProvider().getName());
ctx.init(
keyManagerFactory.getKeyManagers(),
trustManagerFactory.getTrustManagers(),
null);
 
SSLSocketFactory sslSocketFactory = ctx.getSocketFactory();
HttpsURLConnection.setDefaultSSLSocketFactory(sslSocketFactory);
 
m_cSocket =
(SSLSocket) sslSocketFactory.createSocket(address, port);
m_cSocket.setSoTimeout(timeout);
 
this.address = address;
// Add a handshake listener.
 
m_cSocket
.addHandshakeCompletedListener(
new HandshakeCompletedListener() {
 
public void handshakeCompleted(HandshakeCompletedEvent hce) {
  System.out.println("Handshake:");
  System.out.println("  " + hce.getCipherSuite());
}
});
 
connected = true;
// Force the handshake.
m_cSocket.startHandshake();
                        System.out.println(">>>>>>>>>>>>>>>>>>DONE<<<<<<<<<<<<<<<<<<<<");
} catch (Exception e) {
e.printStackTrace();
throw (e);
}
//
}

You can specify which keystore to use by starting the app like this (where mySrvKeystore is a file name or path):

But it'll be easier in the long run to install the certificate into the system-wide keystore; then you don't need to specify it any time you need to use it because then it'll be found and used automatically.

are these correct:

- when certificates are created, there are 3 created:
# Identity certificate
# Root certificate
# Intermediate certificate

- a PKCS #12 file, is the same as a jks file, but in a different format and the certificates are loaded into the PKCS #12 file or the jks file

- the certificate that is loaded into the jks is the root certificate

- whats the difference between a keyStore and a trustore?

Cheers