Java keytool easy way to add server cert from url/port (for Windows)
I want to import CA certificate into a Java keystore.
I found this answer with some Unix commands.
I understand that keytool works in Windows the same way as in Linux, doesn't it?
But what about openssl?
I installed openssl in Windows, then ran it and it works normally. But how can I replace a code below?
</dev/null | sed -ne '/-BEGIN CERTIFICATE-/,/-END CERTIFICATE-/p' > ${HOST}.cert
Or can I replace openssl with something else?
windows openssl keytool
asked Nov 19 '18 at 14:29
Daria PydorenkoDaria Pydorenko
9092530
add a comment |
I want to import CA certificate into a Java keystore.
I found this answer with some Unix commands.
I understand that keytool works in Windows the same way as in Linux, doesn't it?
But what about openssl?
I installed openssl in Windows, then ran it and it works normally. But how can I replace a code below?
</dev/null | sed -ne '/-BEGIN CERTIFICATE-/,/-END CERTIFICATE-/p' > ${HOST}.cert
Or can I replace openssl with something else?
windows openssl keytool
asked Nov 19 '18 at 14:29
Daria PydorenkoDaria Pydorenko
9092530
add a comment |
I want to import CA certificate into a Java keystore.
I found this answer with some Unix commands.
I understand that keytool works in Windows the same way as in Linux, doesn't it?
But what about openssl?
I installed openssl in Windows, then ran it and it works normally. But how can I replace a code below?
</dev/null | sed -ne '/-BEGIN CERTIFICATE-/,/-END CERTIFICATE-/p' > ${HOST}.cert
Or can I replace openssl with something else?
windows openssl keytool
asked Nov 19 '18 at 14:29
Daria PydorenkoDaria Pydorenko
9092530
I want to import CA certificate into a Java keystore.
I found this answer with some Unix commands.
I understand that keytool works in Windows the same way as in Linux, doesn't it?
But what about openssl?
I installed openssl in Windows, then ran it and it works normally. But how can I replace a code below?
</dev/null | sed -ne '/-BEGIN CERTIFICATE-/,/-END CERTIFICATE-/p' > ${HOST}.cert
Or can I replace openssl with something else?
windows openssl keytool
windows openssl keytool
asked Nov 19 '18 at 14:29
Daria PydorenkoDaria Pydorenko
9092530
asked Nov 19 '18 at 14:29
Daria PydorenkoDaria Pydorenko
9092530
asked Nov 19 '18 at 14:29
Daria PydorenkoDaria Pydorenko
9092530
asked Nov 19 '18 at 14:29
Daria PydorenkoDaria Pydorenko
9092530
asked Nov 19 '18 at 14:29
Daria PydorenkoDaria Pydorenko
9092530
9092530
add a comment |
add a comment |
1 Answer
1
active
oldest
votes
Probably the easiest way is to use KeyStore Explorer. Just use the "Examine SSL" feature and then click on "Import":
Alternatively you can replace </dev/null | sed -ne '/-BEGIN CERTIFICATE-/,/-END CERTIFICATE-/p' > ${HOST}.cert with manual steps. If you execute
openssl s_client -connect -connect www.google.com:443
it will output something like this:
depth=2 OU = GlobalSign Root CA - R2, O = GlobalSign, CN = GlobalSign
verify return:1
depth=1 C = US, O = Google Trust Services, CN = Google Internet Authority G3
verify return:1
depth=0 C = US, ST = California, L = Mountain View, O = Google LLC, CN = www.google.com
verify return:1
---
Certificate chain
0 s:/C=US/ST=California/L=Mountain View/O=Google LLC/CN=www.google.com
i:/C=US/O=Google Trust Services/CN=Google Internet Authority G3
1 s:/C=US/O=Google Trust Services/CN=Google Internet Authority G3
i:/OU=GlobalSign Root CA - R2/O=GlobalSign/CN=GlobalSign
---
Server certificate
-----BEGIN CERTIFICATE-----
MIIEgjCCA2qgAwIBAgIIZ20sUt50wGgwDQYJKoZIhvcNAQELBQAwVDELMAkGA1UE
BhMCVVMxHjAcBgNVBAoTFUdvb2dsZSBUcnVzdCBTZXJ2aWNlczElMCMGA1UEAxMc
...
htkxJVFaLUXScpkNQagWzehkj9BGdV4oztKMgTU8hcZEsiDKF0aZmaMfAXAF6u0r
0n9sKu3Ap0uSR0+G4PVDcJkJzw2UiUsu8IkkHy3HjKt4zCCrATjZ4FPgtFHSWv8d
ZmUdWJhgJ30s/EvOKn1uQ6QlPWaCJKc9W6JaJQTX6PjPDMs0sK90ss9vCIJ0dDw5
ud+EC4cT
-----END CERTIFICATE-----
subject=/C=US/ST=California/L=Mountain View/O=Google LLC/CN=www.google.com
issuer=/C=US/O=Google Trust Services/CN=Google Internet Authority G3
---
No client certificate CA names sent
Mark the lines starting with -----BEGIN CERTIFICATE----- up to -----END CERTIFICATE----- and copy them into a text editor. Save it as [host].crt. Then execute the keytool command.
If you want to automate these steps in a script, you'll have to install Cygwin or one of the suggestions in this answer here.
answered Nov 19 '18 at 22:04
OmikronOmikron
2,89011622
add a comment |
Your Answer
StackExchange.ifUsing("editor", function () {
StackExchange.using("externalEditor", function () {
StackExchange.using("snippets", function () {
StackExchange.snippets.init();
});
});
}, "code-snippets");
StackExchange.ready(function() {
var channelOptions = {
tags: "".split(" "),
id: "1"
};
initTagRenderer("".split(" "), "".split(" "), channelOptions);
StackExchange.using("externalEditor", function() {
// Have to fire editor after snippets, if snippets enabled
if (StackExchange.settings.snippets.snippetsEnabled) {
StackExchange.using("snippets", function() {
createEditor();
});
}
else {
createEditor();
}
});
function createEditor() {
StackExchange.prepareEditor({
heartbeatType: 'answer',
autoActivateHeartbeat: false,
convertImagesToLinks: true,
noModals: true,
showLowRepImageUploadWarning: true,
reputationToPostImages: 10,
bindNavPrevention: true,
postfix: "",
imageUploader: {
brandingHtml: "Powered by u003ca class="icon-imgur-white" href="https://imgur.com/"u003eu003c/au003e",
contentPolicyHtml: "User contributions licensed under u003ca href="https://creativecommons.org/licenses/by-sa/3.0/"u003ecc by-sa 3.0 with attribution requiredu003c/au003e u003ca href="https://stackoverflow.com/legal/content-policy"u003e(content policy)u003c/au003e",
allowUrls: true
},
onDemand: true,
discardSelector: ".discard-answer"
,immediatelyShowMarkdownHelp:true
});
}
});
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
StackExchange.ready(
function () {
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fstackoverflow.com%2fquestions%2f53376771%2fjava-keytool-easy-way-to-add-server-cert-from-url-port-for-windows%23new-answer', 'question_page');
}
);
Post as a guest
Required, but never shown
1 Answer
1
active
oldest
votes
1 Answer
1
active
oldest
votes
active
oldest
votes
active
oldest
votes
Probably the easiest way is to use KeyStore Explorer. Just use the "Examine SSL" feature and then click on "Import":
Alternatively you can replace </dev/null | sed -ne '/-BEGIN CERTIFICATE-/,/-END CERTIFICATE-/p' > ${HOST}.cert with manual steps. If you execute
openssl s_client -connect -connect www.google.com:443
it will output something like this:
depth=2 OU = GlobalSign Root CA - R2, O = GlobalSign, CN = GlobalSign
verify return:1
depth=1 C = US, O = Google Trust Services, CN = Google Internet Authority G3
verify return:1
depth=0 C = US, ST = California, L = Mountain View, O = Google LLC, CN = www.google.com
verify return:1
---
Certificate chain
0 s:/C=US/ST=California/L=Mountain View/O=Google LLC/CN=www.google.com
i:/C=US/O=Google Trust Services/CN=Google Internet Authority G3
1 s:/C=US/O=Google Trust Services/CN=Google Internet Authority G3
i:/OU=GlobalSign Root CA - R2/O=GlobalSign/CN=GlobalSign
---
Server certificate
-----BEGIN CERTIFICATE-----
MIIEgjCCA2qgAwIBAgIIZ20sUt50wGgwDQYJKoZIhvcNAQELBQAwVDELMAkGA1UE
BhMCVVMxHjAcBgNVBAoTFUdvb2dsZSBUcnVzdCBTZXJ2aWNlczElMCMGA1UEAxMc
...
htkxJVFaLUXScpkNQagWzehkj9BGdV4oztKMgTU8hcZEsiDKF0aZmaMfAXAF6u0r
0n9sKu3Ap0uSR0+G4PVDcJkJzw2UiUsu8IkkHy3HjKt4zCCrATjZ4FPgtFHSWv8d
ZmUdWJhgJ30s/EvOKn1uQ6QlPWaCJKc9W6JaJQTX6PjPDMs0sK90ss9vCIJ0dDw5
ud+EC4cT
-----END CERTIFICATE-----
subject=/C=US/ST=California/L=Mountain View/O=Google LLC/CN=www.google.com
issuer=/C=US/O=Google Trust Services/CN=Google Internet Authority G3
---
No client certificate CA names sent
Mark the lines starting with -----BEGIN CERTIFICATE----- up to -----END CERTIFICATE----- and copy them into a text editor. Save it as [host].crt. Then execute the keytool command.
If you want to automate these steps in a script, you'll have to install Cygwin or one of the suggestions in this answer here.
answered Nov 19 '18 at 22:04
OmikronOmikron
2,89011622
add a comment |
Probably the easiest way is to use KeyStore Explorer. Just use the "Examine SSL" feature and then click on "Import":
Alternatively you can replace </dev/null | sed -ne '/-BEGIN CERTIFICATE-/,/-END CERTIFICATE-/p' > ${HOST}.cert with manual steps. If you execute
openssl s_client -connect -connect www.google.com:443
it will output something like this:
depth=2 OU = GlobalSign Root CA - R2, O = GlobalSign, CN = GlobalSign
verify return:1
depth=1 C = US, O = Google Trust Services, CN = Google Internet Authority G3
verify return:1
depth=0 C = US, ST = California, L = Mountain View, O = Google LLC, CN = www.google.com
verify return:1
---
Certificate chain
0 s:/C=US/ST=California/L=Mountain View/O=Google LLC/CN=www.google.com
i:/C=US/O=Google Trust Services/CN=Google Internet Authority G3
1 s:/C=US/O=Google Trust Services/CN=Google Internet Authority G3
i:/OU=GlobalSign Root CA - R2/O=GlobalSign/CN=GlobalSign
---
Server certificate
-----BEGIN CERTIFICATE-----
MIIEgjCCA2qgAwIBAgIIZ20sUt50wGgwDQYJKoZIhvcNAQELBQAwVDELMAkGA1UE
BhMCVVMxHjAcBgNVBAoTFUdvb2dsZSBUcnVzdCBTZXJ2aWNlczElMCMGA1UEAxMc
...
htkxJVFaLUXScpkNQagWzehkj9BGdV4oztKMgTU8hcZEsiDKF0aZmaMfAXAF6u0r
0n9sKu3Ap0uSR0+G4PVDcJkJzw2UiUsu8IkkHy3HjKt4zCCrATjZ4FPgtFHSWv8d
ZmUdWJhgJ30s/EvOKn1uQ6QlPWaCJKc9W6JaJQTX6PjPDMs0sK90ss9vCIJ0dDw5
ud+EC4cT
-----END CERTIFICATE-----
subject=/C=US/ST=California/L=Mountain View/O=Google LLC/CN=www.google.com
issuer=/C=US/O=Google Trust Services/CN=Google Internet Authority G3
---
No client certificate CA names sent
Mark the lines starting with -----BEGIN CERTIFICATE----- up to -----END CERTIFICATE----- and copy them into a text editor. Save it as [host].crt. Then execute the keytool command.
If you want to automate these steps in a script, you'll have to install Cygwin or one of the suggestions in this answer here.
answered Nov 19 '18 at 22:04
OmikronOmikron
2,89011622
add a comment |
Probably the easiest way is to use KeyStore Explorer. Just use the "Examine SSL" feature and then click on "Import":
Alternatively you can replace </dev/null | sed -ne '/-BEGIN CERTIFICATE-/,/-END CERTIFICATE-/p' > ${HOST}.cert with manual steps. If you execute
openssl s_client -connect -connect www.google.com:443
it will output something like this:
depth=2 OU = GlobalSign Root CA - R2, O = GlobalSign, CN = GlobalSign
verify return:1
depth=1 C = US, O = Google Trust Services, CN = Google Internet Authority G3
verify return:1
depth=0 C = US, ST = California, L = Mountain View, O = Google LLC, CN = www.google.com
verify return:1
---
Certificate chain
0 s:/C=US/ST=California/L=Mountain View/O=Google LLC/CN=www.google.com
i:/C=US/O=Google Trust Services/CN=Google Internet Authority G3
1 s:/C=US/O=Google Trust Services/CN=Google Internet Authority G3
i:/OU=GlobalSign Root CA - R2/O=GlobalSign/CN=GlobalSign
---
Server certificate
-----BEGIN CERTIFICATE-----
MIIEgjCCA2qgAwIBAgIIZ20sUt50wGgwDQYJKoZIhvcNAQELBQAwVDELMAkGA1UE
BhMCVVMxHjAcBgNVBAoTFUdvb2dsZSBUcnVzdCBTZXJ2aWNlczElMCMGA1UEAxMc
...
htkxJVFaLUXScpkNQagWzehkj9BGdV4oztKMgTU8hcZEsiDKF0aZmaMfAXAF6u0r
0n9sKu3Ap0uSR0+G4PVDcJkJzw2UiUsu8IkkHy3HjKt4zCCrATjZ4FPgtFHSWv8d
ZmUdWJhgJ30s/EvOKn1uQ6QlPWaCJKc9W6JaJQTX6PjPDMs0sK90ss9vCIJ0dDw5
ud+EC4cT
-----END CERTIFICATE-----
subject=/C=US/ST=California/L=Mountain View/O=Google LLC/CN=www.google.com
issuer=/C=US/O=Google Trust Services/CN=Google Internet Authority G3
---
No client certificate CA names sent
Mark the lines starting with -----BEGIN CERTIFICATE----- up to -----END CERTIFICATE----- and copy them into a text editor. Save it as [host].crt. Then execute the keytool command.
If you want to automate these steps in a script, you'll have to install Cygwin or one of the suggestions in this answer here.
answered Nov 19 '18 at 22:04
OmikronOmikron
2,89011622
Probably the easiest way is to use KeyStore Explorer. Just use the "Examine SSL" feature and then click on "Import":
Alternatively you can replace </dev/null | sed -ne '/-BEGIN CERTIFICATE-/,/-END CERTIFICATE-/p' > ${HOST}.cert with manual steps. If you execute
openssl s_client -connect -connect www.google.com:443
it will output something like this:
depth=2 OU = GlobalSign Root CA - R2, O = GlobalSign, CN = GlobalSign
verify return:1
depth=1 C = US, O = Google Trust Services, CN = Google Internet Authority G3
verify return:1
depth=0 C = US, ST = California, L = Mountain View, O = Google LLC, CN = www.google.com
verify return:1
---
Certificate chain
0 s:/C=US/ST=California/L=Mountain View/O=Google LLC/CN=www.google.com
i:/C=US/O=Google Trust Services/CN=Google Internet Authority G3
1 s:/C=US/O=Google Trust Services/CN=Google Internet Authority G3
i:/OU=GlobalSign Root CA - R2/O=GlobalSign/CN=GlobalSign
---
Server certificate
-----BEGIN CERTIFICATE-----
MIIEgjCCA2qgAwIBAgIIZ20sUt50wGgwDQYJKoZIhvcNAQELBQAwVDELMAkGA1UE
BhMCVVMxHjAcBgNVBAoTFUdvb2dsZSBUcnVzdCBTZXJ2aWNlczElMCMGA1UEAxMc
...
htkxJVFaLUXScpkNQagWzehkj9BGdV4oztKMgTU8hcZEsiDKF0aZmaMfAXAF6u0r
0n9sKu3Ap0uSR0+G4PVDcJkJzw2UiUsu8IkkHy3HjKt4zCCrATjZ4FPgtFHSWv8d
ZmUdWJhgJ30s/EvOKn1uQ6QlPWaCJKc9W6JaJQTX6PjPDMs0sK90ss9vCIJ0dDw5
ud+EC4cT
-----END CERTIFICATE-----
subject=/C=US/ST=California/L=Mountain View/O=Google LLC/CN=www.google.com
issuer=/C=US/O=Google Trust Services/CN=Google Internet Authority G3
---
No client certificate CA names sent
Mark the lines starting with -----BEGIN CERTIFICATE----- up to -----END CERTIFICATE----- and copy them into a text editor. Save it as [host].crt. Then execute the keytool command.
If you want to automate these steps in a script, you'll have to install Cygwin or one of the suggestions in this answer here.
answered Nov 19 '18 at 22:04
OmikronOmikron
2,89011622
answered Nov 19 '18 at 22:04
OmikronOmikron
2,89011622
answered Nov 19 '18 at 22:04
OmikronOmikron
2,89011622
answered Nov 19 '18 at 22:04
OmikronOmikron
2,89011622
2,89011622
add a comment |
add a comment |
Thanks for contributing an answer to Stack Overflow!
- Please be sure to answer the question. Provide details and share your research!
But avoid …
- Asking for help, clarification, or responding to other answers.
- Making statements based on opinion; back them up with references or personal experience.
To learn more, see our tips on writing great answers.
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
StackExchange.ready(
function () {
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fstackoverflow.com%2fquestions%2f53376771%2fjava-keytool-easy-way-to-add-server-cert-from-url-port-for-windows%23new-answer', 'question_page');
}
);
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
