Wednesday, December 24, 2008

Managing self-signed certificates (Sun Solaris)

In a development environment you may have to interact with self-signed certificates, which are used to secure the services you offer. To communicate with a secured service that presents a self-signed certificate, a client imports the certificate into a local truststore or certificate database. When I import a certificate I usually have to refer to the relevant man pages, but I've done it enough times that I decided to create a utility to automate the process. Here's a Java CertificateManager NetBeans project that can be used to import a self-signed certificate from a remote host into a Java keystore of your choice.
Usage: java -jar CertificateManager.jar -url https://{hostname}:{port} [-keystore {keystore}] [-pw {password}]
default keystore: ${java.home}/lib/security/cacerts
default pw: changeit
To allow the CertificateManager itself to accept self-signed certificates while fetching them, I found the very useful SSLUtilities.java class.
If you work with Sun LDAP/SSL Directory Server configurations that use self-signed certificates, you will know that the certificates used by LDAP are stored in the Mozilla-style certificate database, commonly created at /var/ldap on a native LDAP client. The certutil command administers the LDAP certificate database; you can add your Java keystore certificate to the LDAP certificate database as follows:
# Import the remote self-signed certificate into the local Java keystore
java -jar ../tools/CertificateManager.jar -url ${url} -keystore ${ks} -pw ${pw}
# Export the certificate in RFC (PEM) form for import into the certificate database
# (without -alias, keytool -list -rfc dumps every entry in the keystore into the file)
keytool -list -rfc -keystore ${ks} -storepass ${pw} > selfsigned.pem
# Import into the /var/ldap certificate database under nickname ${alias}, trusted as a CA (-t CT)
/usr/sfw/bin/certutil -A -n "${alias}" -i selfsigned.pem -a -t CT -d /var/ldap
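As an added example that is not part of the original post or the CertificateManager project: the keytool -list -rfc step above writes every keystore entry into one file, so this Python script (the sample keytool output, the placeholder certificate bodies and all function names are constructed for illustration) splits that output per alias so each certutil -A call gets a single certificate, prints a SHA-256 fingerprint to compare against the value the service owner gives you out of band before trusting the certificate, and fetches a server's certificate the way the CertificateManager does.

```python
import base64
import hashlib
import re
import ssl

# Constructed sample of `keytool -list -rfc` output with two trusted entries;
# the base64 bodies are placeholders, not real DER certificates.
SAMPLE_KEYTOOL_OUTPUT = """Keystore type: JKS

Alias name: devhost
Entry type: trustedCertEntry

-----BEGIN CERTIFICATE-----
ZGV2aG9zdC1jZXJ0
-----END CERTIFICATE-----

*******************************************

Alias name: ldapmaster
Entry type: trustedCertEntry

-----BEGIN CERTIFICATE-----
bGRhcG1hc3Rlci1jZXJ0
-----END CERTIFICATE-----
"""

PEM_RE = re.compile(r"-----BEGIN CERTIFICATE-----\n(.*?)-----END CERTIFICATE-----", re.S)

def split_keytool_rfc(text):
    """Map each 'Alias name:' entry of keytool -list -rfc output to its PEM block."""
    entries = {}
    for chunk in re.split(r"^Alias name: ", text, flags=re.M)[1:]:
        alias = chunk.split("\n", 1)[0].strip()
        match = PEM_RE.search(chunk)
        if match:  # tolerate entries that carry no PEM block
            entries[alias] = match.group(0) + "\n"
    return entries

def sha256_fingerprint(pem):
    """Colon-separated SHA-256 of the DER bytes, for out-of-band comparison."""
    body = "".join(PEM_RE.search(pem).group(1).split())
    digest = hashlib.sha256(base64.b64decode(body)).hexdigest().upper()
    return ":".join(digest[i:i + 2] for i in range(0, len(digest), 2))

def fetch_server_pem(host, port):
    """Fetch the certificate a TLS server presents; no chain validation (self-signed)."""
    return ssl.get_server_certificate((host, port))
```

Write each entry of split_keytool_rfc() to its own file and run one certutil -A per alias; compare sha256_fingerprint() of the fetched server certificate with the value obtained from the server's administrator before importing it.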
