File APIs for Java Developers
Manipulate DOC, XLS, PPT, PDF and many others from your application.
http://aspose.com/file-tools
The moose likes Websphere and the fly likes Importing a file.pfx in Ikeyman for Websphere Big Moose Saloon
  Search | Java FAQ | Recent Topics | Flagged Topics | Hot Topics | Zero Replies
Register / Login


Win a copy of Spring in Action this week in the Spring forum!
JavaRanch » Java Forums » Products » Websphere
Bookmark "Importing a file.pfx in Ikeyman for Websphere" Watch "Importing a file.pfx in Ikeyman for Websphere" New topic
Author

Importing a file.pfx in Ikeyman for Websphere

Brian Hennessy
Ranch Hand

Joined: Oct 24, 2005
Posts: 57
Hi

I have a client certificate stored in my personal certificates in my IE browser assigned by cacert. I exported this to .pfx file which should come in the pkcs#12 format. However when i try to import the file in ikeyman for WAS into a JKS I get an error complaining that the database file has been corrupted. I have exported a self signed cert generated from by ikeyman to a .p12 file and imported it as a pkcs#12 key type successfully.
Does anyone have any ideas on this. I am ikeyman from a trial version of the WAS v6 base edition.
Thanks in advance.
Mark Eaton
Greenhorn

Joined: Jun 27, 2006
Posts: 1
Hennseb,

Before the certificate can be imported into IBMKEYMAN they have to be converted using OpenSSL.

see www.openssl.org for download of openssl.

Procedure is:
openssl pkcs12 -in [filename].pfx -out [out].pem
openssl pkcs12 -export -in [out].pem -out [newname].p12

I have used this procedure to export/import certificates between Microsoft IIS/ISA Server and IKEYMAN

Cheers
mark
Brian Hennessy
Ranch Hand

Joined: Oct 24, 2005
Posts: 57
Mark Thanks for the reply.
I've been able to use some other open source tools for the job. For anyones future reference they can be found on the bouncycastle.org website on the resources page.
Mark I attempted your open ssl approach but i got the same error with the .p12 file I suspect its a problem with the version of ikeyman. Next week I should have access to the version running on the WAS ND version so that should be able to do the job.

Thanks again for the suggestion

Brian
Subha Murthy
Greenhorn

Joined: Aug 16, 2005
Posts: 15
Hi Brian,

can you tell me how exactly you were able to import .pfx into WebSphere using bouncycastle?

Thanks a lot!
Brian Hennessy
Ranch Hand

Joined: Oct 24, 2005
Posts: 57
I'm a little late responding to this, so Subha I apologise for not responding ,but hopefully it comes in handy for somone else. I originally used an application called Portecle to import the cert , I may have found a link to it from the bouncycastle web site. However to get the websphere ikeyman working I following the following instructions from IBM

Unable to import a PKCS12 file that is created by IIS or other non-IBM Web server keystores into a CMS or JKS database

 
I agree. Here's the link: http://aspose.com/file-tools
 
subject: Importing a file.pfx in Ikeyman for Websphere