2023-05-15

Convert a PEM CA bundle to PKCS12 that Java accepts as a trust store

Given a ca-bundle.pem file with multiple root CA certs:

-----BEGIN CERTIFICATE-----
. . .
-----END CERTIFICATE-----

-----BEGIN CERTIFICATE-----
. . .
-----END CERTIFICATE-----

Currently I am converting this bundle to JKS (the native Java keystore format) and using it as the default trust store:

java -Djavax.net.ssl.trustStore=... -Djavax.net.ssl.trustStoreType=jks ...

I would like to convert it to PKCS12 instead, since that is the default keystore format starting with Java 9.

What I tried:

# provide changeit as password when asked
$ openssl pkcs12 -export -in ./ca-bundle.pem -out ./ca-bundle.p12 -nokeys

The ca-bundle.p12 is generated successfully, but keytool does not see any certs in it, and neither does the Java process when the file is passed via the -Djavax.net.ssl.trustStore flag:

$ keytool -list -rfc -keystore ./ca-bundle.p12 -storetype PKCS12 -storepass changeit
Keystore type: PKCS12
Keystore provider: SUN

Your keystore contains 0 entries
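The zero-entry result above is what Java's PKCS12 keystore implementation reports when the certificate bags in the file lack the Oracle "trusted key usage" bag attribute: without it, Java does not treat a bare certificate bag as a trusted certificate entry, and `openssl pkcs12 -export -nokeys` does not write that attribute (OpenSSL 3.2 and later add a `-jdktrust` option for this purpose). The script below is an added example, not part of the original post: it builds the PKCS12 trust store with `keytool` itself, which always writes the attribute, either by importing each certificate of the PEM bundle as a trusted entry or by converting the existing JKS store in one step. It assumes a JDK 9+ `keytool` on PATH, the password `changeit` from the post, and a bundle whose certificates are delimited by the standard `BEGIN/END CERTIFICATE` lines; the function names and file layout are the example's own.

```shell
#!/bin/sh
# Added example: build a PKCS12 trust store that Java's PKCS12 KeyStore will
# list, by importing each CA certificate with keytool rather than with
# "openssl pkcs12 -export -nokeys". Assumes keytool (JDK 9+) is on PATH.
set -e

# split_bundle BUNDLE OUTDIR
# Writes each BEGIN/END CERTIFICATE block of BUNDLE to OUTDIR/cert-N.pem and
# prints the number of certificates found. Blank lines between blocks are
# skipped, so they never end up in a certificate file.
split_bundle() {
  bundle="$1"
  outdir="$2"
  mkdir -p "$outdir"
  awk -v dir="$outdir" '
    /-----BEGIN CERTIFICATE-----/ { n++; out = dir "/cert-" n ".pem"; inside = 1 }
    inside { print > out }
    /-----END CERTIFICATE-----/ { inside = 0; close(out) }
    END { print n + 0 }
  ' "$bundle"
}

# import_certs CERTDIR STORE PASSWORD
# Imports every cert-N.pem as a trustedCertEntry. keytool creates STORE if it
# does not exist and writes the trusted-key-usage attribute Java requires.
import_certs() {
  certdir="$1"
  store="$2"
  pass="$3"
  for f in "$certdir"/cert-*.pem; do
    alias=$(basename "$f" .pem)
    keytool -importcert -noprompt -alias "$alias" -file "$f" \
      -keystore "$store" -storetype PKCS12 -storepass "$pass"
  done
}

# convert_jks SRC.jks DEST.p12 PASSWORD
# Alternative path: convert an existing JKS trust store directly to PKCS12.
convert_jks() {
  keytool -importkeystore \
    -srckeystore "$1" -srcstoretype JKS -srcstorepass "$3" \
    -destkeystore "$2" -deststoretype PKCS12 -deststorepass "$3"
}

# verify_store STORE PASSWORD
# Prints the number of trustedCertEntry lines keytool lists; 0 means the
# store would be useless as a trust store.
verify_store() {
  keytool -list -keystore "$1" -storetype PKCS12 -storepass "$2" \
    | grep -c 'trustedCertEntry' || true
}

# Usage: sh build_truststore.sh ca-bundle.pem ca-bundle.p12
if [ $# -eq 2 ]; then
  tmp=$(mktemp -d)
  count=$(split_bundle "$1" "$tmp")
  echo "found $count certificates in $1"
  import_certs "$tmp" "$2" changeit
  echo "trusted entries in $2: $(verify_store "$2" changeit)"
  rm -rf "$tmp"
fi
```

Run the resulting store through `keytool -list` (as in `verify_store`) before pointing `-Djavax.net.ssl.trustStore` at it; the entry count should match the number of certificates in the bundle, and with `-Djavax.net.ssl.trustStoreType=pkcs12` the type flag can be dropped entirely on Java 9+, where PKCS12 is the default.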

