IBM webMethods Hybrid Integration

IBM webMethods Hybrid Integration

Join this online group to communicate across IBM product users and experts by sharing advice and best practices with peers and staying up to date regarding product enhancements.

 View Only

  • 1.  How to import .key and .crt file to .jks file

    Posted Mon October 26, 2015 08:15 AM

    Hi ,

    Please give me the exact keytool commands to convert .key and .crt files to .jks file of keystore. I am unable to import .key to .jks .

    Please send me both commands


    #webMethods
    #Integration-Server-and-ESB
    #B2B-Integration


  • 2.  RE: How to import .key and .crt file to .jks file

    Posted Mon October 26, 2015 10:12 AM

    Hi Varalakshmi,

    cat .crt .key > .crt_with_key

    Use keytool or Portecle for importing .crt_with_key into a .jks.

    See ‘keytool -help’ for further informations.

    Regards,
    Holger


    #Integration-Server-and-ESB
    #webMethods
    #B2B-Integration


  • 3.  RE: How to import .key and .crt file to .jks file

    Posted Mon October 26, 2015 10:32 AM

    Hi , I tried but got the below error. Please help me.

    Error:

    [wmuser@ajaxlwmm9004 bin]$ ./keytool -import -alias rsacceptance -file /tmp/SampleTestCert/wmrsreal.accp.apptoapp.org.der_with_wmrsreal.accp.apptoapp.org.key -keystore /tmp/JKSSTORE/VoyaRSAccpRealtime.jks
    Enter keystore password:
    keytool error: java.security.cert.CertificateParsingException: signed fields invalid


    #Integration-Server-and-ESB
    #B2B-Integration
    #webMethods


  • 4.  RE: How to import .key and .crt file to .jks file

    Posted Mon October 26, 2015 10:40 AM

    Hi Varalakshmi,

    this will not work with the DER-Format, only with the CER-Format.

    Additionally, add a -trustcacerts parameter to the keytool-command to enable the CA-Certificates which are stored in the cacerts file of the jvm.

    You can convert the certificate either locally on windows by opening it and and export as X.509-Cer (not binary Cer, which is the Der-format) or by using OPENSSL.

    Regards,
    Holger


    #Integration-Server-and-ESB
    #B2B-Integration
    #webMethods


  • 5.  RE: How to import .key and .crt file to .jks file

    Posted Mon October 26, 2015 11:19 AM

    Hi Same error again. Tried with .crt file and added trustcacerts . I have placed both .crt and .key files in /tmp and trying. Please correct me if i am going wrong by steps/ command:

    [wmuser@ajaxlwmm9004 bin]$ ./keytool -import -trustcacerts -alias rsacceptance -file /tmp/SampleTestCert/wmrsreal.accp.apptoapp.org.crt_with_wmrsreal.accp.apptoapp.org.key -keystore /tmp/JKSSTORE/VoyaRSAccpRealtime.jks
    Enter keystore password:
    keytool error: java.security.cert.CertificateParsingException: signed fields invalid


    #Integration-Server-and-ESB
    #B2B-Integration
    #webMethods


  • 6.  RE: How to import .key and .crt file to .jks file

    Posted Mon October 26, 2015 02:06 PM

    Hi Varalakshmi,

    is there any extra text in your certificates file?

    If so, remove it.

    It should only contain something similar to the following:

    -----BEGIN CERTIFICATE-----

    -----END CERTIFICATE-----
    -----BEGIN RSA PRIVATE KEY-----
    Proc-Type: 4,ENCRYPTED
    DEK-Info: DES-EDE3-CBC,

    -----END RSA PRIVATE KEY-----

    Proc-Type and DEK-Info are present if the key contains a password.

    Can you share the output of ‘keytool -help’ please?

    Eventually you have to use -imoprtcert instead of -import.

    By which CA was the certificate signed? Is it self-signed or signed by an external CA?

    Regards,
    Holger


    #B2B-Integration
    #Integration-Server-and-ESB
    #webMethods


Related Content