It is often the case that one needs to connect to a secure location over HTTPS from within Java. Unless Java knows that the host should be trusted, the connection will be dropped and an exception will be thrown. For that reason you need to add the host's SSL certificate to the keystore of your JVM.
Following these instructions you will be able to install to your local keystore the SSL certificates that your application needs to connect to a remote server over SSL. First download and unzip the archive InstallCert from http://opentox.ntua.gr/files/InstallCert.zip.
Open a terminal and type:
    mkdir InstallCert
    cd InstallCert
    wget http://opentox.ntua.gr/files/InstallCert.zip
    unzip InstallCert
Then export your JAVA_HOME variable (customize the following line according to your Java installation directory):
    export JAVA_HOME=/usr/lib/jvm/java-6-sun-1.6.0.24/
Now assume you need to download the SSL certificate of the server at https://server.com and add it to your local repository. Run:
    java InstallCert server.com:443
Repeat the same to add more SSL certificates. For example run:
    java InstallCert ambit.uni-plovdiv.bg:8443
These commands will create a file called jssecacerts and will be updating it with more SSL certificates every time you want to add a certificate. Copy this file to your Java security folder (usually at $JAVA_HOME/jre/lib/security). Do:
    sudo cp jssecacerts $JAVA_HOME/jre/lib/security
And now your Java applications will be able to connect to the servers you allowed over SSL.
Create JSSEcacerts
In order to create a jssecacerts file for these servers, run sequentially:
    java InstallCert opensso.in-silico.ch
    java InstallCert ambit.uni-plovdiv.bg:8443
And as already explained, move the file to your Java security folder (yes, a single file is created, not two). That should be enough for any Java-based client to access protected resources in OpenTox (e.g. Q-edit).
List the contents of your keystore
In order to list the contents of your Java keystore (the file jssecacerts you created in the previous section) run:
    keytool -list -keystore ./jssecacerts
Export your keystore as PEM
If you need your keystore in PEM format, you can export a certificate from it (here the one stored under the alias digicertassuredidrootca) using the following command:
    keytool -exportcert -keystore ./jssecacerts \
        -alias digicertassuredidrootca -file ./digicertassuredidrootca.pem \
        -rfc -v
This will create the file digicertassuredidrootca.pem. Your PEM file looks like this:
    -----BEGIN CERTIFICATE-----
    MIIDtzCCAp+gAeIBAgIQDOfg5RfYRv6P5WD8G/AwOTANBgkqhkiG9w0BAQUFADBlMQswCQYDVQQG
    EwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3d3cuFGlnaWNlcnQuY29tMSQw
    ...
    8b5QZ7dsvfPxH2sMNgcWfz08qVttevESRmCD1zcEvkvOl77DZypoEd+A5wwzZr8TDRRu838fYxAe
    +o0bJW1sj6W3YQGx0qMmoRBxna3iw/nDmVG3KwcIzi7mULKn+gpFL6Lw8g==
    -----END CERTIFICATE-----
You don't understand much from that, huh? In the next paragraph we explain how you can convert it to a more human-readable format.
Inspect a PEM certificate
If you need a human-readable variant of the above PEM certificate, then run:
    openssl x509 -in digicertassuredidrootca.pem -text -noout > mycert.txt
Now the certificate looks like this:
    Certificate:
        Data:
            Version: 3 (0x2)
            Serial Number:
                0c:e7:e0:e5:17:d8:46:fe:8f:e5:60:fc:1b:f0:30:39
            Signature Algorithm: sha1WithRSAEncryption
            Issuer: C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Assured ID Root CA
            Validity
                Not Before: Nov 10 00:00:00 2006 GMT
                Not After : Nov 10 00:00:00 2031 GMT
            Subject: C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Assured ID Root CA
            Subject Public Key Info:
                Public Key Algorithm: rsaEncryption
                RSA Public Key: (2048 bit)
                    Modulus (2048 bit):
                        00:ad:0e:15:ce:e4:43:80:5c:b1:87:f3:b7:60:f9:
                    Exponent: 65537 (0x10001)
            X509v3 extensions:
                X509v3 Key Usage: critical
                    Digital Signature, Certificate Sign, CRL Sign
                X509v3 Basic Constraints: critical
                    CA:TRUE
                X509v3 Subject Key Identifier:
                    45:EB:A2:AF:F4:92:CB:82:31:2D:51:8B:A7:A7:21:9D:F3:6D:C8:0F
                X509v3 Authority Key Identifier:
                ... more ...
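InstallCert adds the certificate that the server presents when you run it, so before copying jssecacerts into place it is worth comparing a certificate exported as PEM (as shown above) with a SHA-256 fingerprint obtained from the server's operator through another channel. The script below is an added example, not part of the original post or of InstallCert; the function names pem_fingerprint and verify_pem and the demo input are made up for illustration, and it assumes awk, base64 and sha256sum are installed.

```shell
#!/bin/sh
# Added example, not from the original post: fingerprint check for a PEM
# certificate exported from jssecacerts, done before the file is trusted.

# Print the SHA-256 of the DER bytes of the first certificate in file $1
# (lowercase hex, no colons). Returns 2 if no decodable certificate is found.
pem_fingerprint() {
    body=$(awk '/-----BEGIN CERTIFICATE-----/ {f = 1; next}
                /-----END CERTIFICATE-----/   {exit}
                f' "$1" | tr -d ' \t\r\n')
    [ -n "$body" ] || return 2          # empty input would hash to a bogus value
    der=$(mktemp) || return 2
    if printf '%s' "$body" | base64 -d > "$der" 2>/dev/null; then
        sha256sum < "$der" | cut -d' ' -f1
        rc=0
    else
        rc=2                            # body was not valid base64
    fi
    rm -f "$der"
    return "$rc"
}

# Compare file $1 with expected fingerprint $2 (colons and upper case allowed).
# Returns 0 on match, 1 on mismatch, 2 if the file could not be parsed.
verify_pem() {
    actual=$(pem_fingerprint "$1") || return 2
    expected=$(printf '%s' "$2" | tr -d ': ' | tr 'A-F' 'a-f')
    [ "$actual" = "$expected" ]
}

# Demo on a constructed stand-in: the body is base64 of "abc", not a real
# certificate, so the expected value is simply SHA-256("abc").
demo=$(mktemp)
printf '%s\n' '-----BEGIN CERTIFICATE-----' 'YWJj' '-----END CERTIFICATE-----' > "$demo"
pinned='BA:78:16:BF:8F:01:CF:EA:41:41:40:DE:5D:AE:22:23:B0:03:61:A3:96:17:7A:9C:B4:10:FF:61:F2:00:15:AD'
if verify_pem "$demo" "$pinned"; then
    echo "fingerprint matches: keep the certificate"
else
    echo "fingerprint differs or file unreadable: do not install it"
fi
rm -f "$demo"
```

In real use, pass the exported PEM file and the fingerprint the server's operator gave you, and copy jssecacerts to $JAVA_HOME/jre/lib/security only when verify_pem returns 0.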
That's all folks! Stay tuned for more!