This week's book giveaway is in the OO, Patterns, UML and Refactoring forum.
We're giving away four copies of Refactoring for Software Design Smells: Managing Technical Debt and have Girish Suryanarayana, Ganesh Samarthyam & Tushar Sharma on-line!
See this thread for details.
The moose likes Websphere and the fly likes Importing a file.pfx in Ikeyman for Websphere Big Moose Saloon
  Search | Java FAQ | Recent Topics | Flagged Topics | Hot Topics | Zero Replies
Register / Login

JavaRanch » Java Forums » Products » Websphere
Bookmark "Importing a file.pfx in Ikeyman for Websphere" Watch "Importing a file.pfx in Ikeyman for Websphere" New topic

Importing a file.pfx in Ikeyman for Websphere

Brian Hennessy
Ranch Hand

Joined: Oct 24, 2005
Posts: 57

I have a client certificate stored in my personal certificates in my IE browser assigned by cacert. I exported this to .pfx file which should come in the pkcs#12 format. However when i try to import the file in ikeyman for WAS into a JKS I get an error complaining that the database file has been corrupted. I have exported a self signed cert generated from by ikeyman to a .p12 file and imported it as a pkcs#12 key type successfully.
Does anyone have any ideas on this. I am ikeyman from a trial version of the WAS v6 base edition.
Thanks in advance.
Mark Eaton

Joined: Jun 27, 2006
Posts: 1

Before the certificate can be imported into IBMKEYMAN they have to be converted using OpenSSL.

see for download of openssl.

Procedure is:
openssl pkcs12 -in [filename].pfx -out [out].pem
openssl pkcs12 -export -in [out].pem -out [newname].p12

I have used this procedure to export/import certificates between Microsoft IIS/ISA Server and IKEYMAN

Brian Hennessy
Ranch Hand

Joined: Oct 24, 2005
Posts: 57
Mark Thanks for the reply.
I've been able to use some other open source tools for the job. For anyones future reference they can be found on the website on the resources page.
Mark I attempted your open ssl approach but i got the same error with the .p12 file I suspect its a problem with the version of ikeyman. Next week I should have access to the version running on the WAS ND version so that should be able to do the job.

Thanks again for the suggestion

Subha Murthy

Joined: Aug 16, 2005
Posts: 15
Hi Brian,

can you tell me how exactly you were able to import .pfx into WebSphere using bouncycastle?

Thanks a lot!
Brian Hennessy
Ranch Hand

Joined: Oct 24, 2005
Posts: 57
I'm a little late responding to this, so Subha I apologise for not responding ,but hopefully it comes in handy for somone else. I originally used an application called Portecle to import the cert , I may have found a link to it from the bouncycastle web site. However to get the websphere ikeyman working I following the following instructions from IBM

Unable to import a PKCS12 file that is created by IIS or other non-IBM Web server keystores into a CMS or JKS database

Have you checked out Aspose?
subject: Importing a file.pfx in Ikeyman for Websphere
It's not a secret anymore!