[{"data":1,"prerenderedAt":401},["ShallowReactive",2],{"Categories":3,"NavIndexCategoriesCountFooter":203,"content-\u002F2008\u002F07\u002F11\u002Funable-to-import-openssl-key-to-java-keystore\u002F":204},[4,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,28,29,30,31,32,33,34,35,36,37,38,39,40,41,42,43,44,45,46,47,48,49,50,51,52,53,54,55,56,57,58,59,60,61,62,63,64,65,66,68,70,71,73,74,75,76,77,78,79,80,81,82,83,84,85,86,87,88,89,90,91,92,93,94,95,96,97,98,99,100,101,102,103,104,105,106,107,108,109,110,111,112,113,114,115,116,117,118,119,120,121,122,123,124,125,126,127,128,129,130,131,132,133,134,135,136,137,139,140,141,142,143,144,145,146,147,148,149,150,151,152,153,154,155,156,157,159,160,161,162,163,164,165,166,167,168,169,170,171,172,173,174,175,176,177,178,179,180,182,183,184,185,186,187,188,189,190,191,192,193,194,195,196,197,198,199,200,201,202],{"category":5},"System Administration",{"category":5},{"category":5},{"category":5},{"category":5},{"category":5},{"category":5},{"category":5},{"category":5},{"category":5},{"category":5},{"category":5},{"category":5},{"category":5},{"category":5},{"category":5},{"category":5},{"category":5},{"category":5},{"category":5},{"category":5},{"category":27},"Software Development",{"category":5},{"category":5},{"category":5},{"category":5},{"category":27},{"category":27},{"category":5},{"category":5},{"category":5},{"category":27},{"category":5},{"category":5},{"category":5},{"category":27},{"category":27},{"category":27},{"category":27},{"category":5},{"category":5},{"category":5},{"category":27},{"category":27},{"category":5},{"category":5},{"category":5},{"category":5},{"category":5},{"category":5},{"category":27},{"category":5},{"category":5},{"category":27},{"category":27},{"category":27},{"category":27},{"category":5},{"category":27},{"category":27},{"category":67},"Drones & RC",{"category":69},"DIY 
Projects",{"category":67},{"category":72},"Photography",{"category":69},{"category":69},{"category":69},{"category":67},{"category":69},{"category":69},{"category":69},{"category":69},{"category":69},{"category":69},{"category":69},{"category":69},{"category":69},{"category":69},{"category":69},{"category":69},{"category":69},{"category":69},{"category":67},{"category":69},{"category":69},{"category":67},{"category":67},{"category":72},{"category":72},{"category":72},{"category":67},{"category":67},{"category":67},{"category":67},{"category":67},{"category":67},{"category":67},{"category":67},{"category":67},{"category":67},{"category":5},{"category":5},{"category":72},{"category":67},{"category":67},{"category":67},{"category":67},{"category":67},{"category":67},{"category":5},{"category":67},{"category":67},{"category":72},{"category":72},{"category":67},{"category":67},{"category":67},{"category":67},{"category":67},{"category":67},{"category":67},{"category":67},{"category":67},{"category":67},{"category":67},{"category":67},{"category":72},{"category":67},{"category":138},"3D Printing - Laser Cutting - CNC",{"category":138},{"category":138},{"category":138},{"category":138},{"category":138},{"category":138},{"category":138},{"category":138},{"category":138},{"category":138},{"category":138},{"category":5},{"category":138},{"category":27},{"category":27},{"category":138},{"category":138},{"category":72},{"category":158},"Photography,3D Printing - Laser Cutting - CNC",{"category":27},{"category":27},{"category":69},{"category":27},{"category":27},{"category":27},{"category":27},{"category":5},{"category":67},{"category":5},{"category":5},{"category":27},{"category":27},{"category":27},{"category":27},{"category":27},{"category":69},{"category":27},{"category":27},{"category":27},{"category":27},{"category":181},"Home 
Assistant",{"category":181},{"category":72},{"category":27},{"category":27},{"category":72},{"category":138},{"category":5},{"category":72},{"category":72},{"category":138},{"category":27},{"category":181},{"category":181},{"category":72},{"category":72},{"category":72},{"category":72},{"category":72},{"category":72},{"category":72},{"category":72},191,{"id":205,"title":206,"body":207,"category":5,"date":386,"description":216,"embedImage":387,"extension":388,"image":387,"intro":387,"meta":389,"navigation":390,"path":391,"seo":392,"series":387,"sitemap":393,"stem":394,"tags":395,"__hash__":400},"content\u002F2008\u002F07\u002F11\u002Funable-to-import-openssl-key-to-java-keystore.md","Unable to import openssl key to java keystore",{"type":208,"value":209,"toc":383},"minimark",[210,217,220,223,226,231,243,246,257,260,266,269,275,278,284,289,296,299,305,308,314,317,323,328,334,340,343,349,354,362,368,371,374,380],[211,212,213],"p",{},[214,215,216],"strong",{},"UPDATE - progress - see end of article",[211,218,219],{},"I have an openssl self-signed certificate for some websites. These are based on an openssl RSA key. 
I can use them successfully as client keys - but - it seems that glassfish (perhaps all others - I don't know) need the key in the keystore as well as the certificate.",[211,221,222],{},"So - I have an RSA key file and a PEM certificate file.",[211,224,225],{},"keytool only imports the certificate (this works fine for this certificate for java processes that act as an SSL client - but here I want to act as the SSL server) - so here are the other things I have tried:",[211,227,228],{},[214,229,230],{},"Jetty PKCS12Import",[211,232,233,234],{},"From ",[235,236,237],"a",{"href":237,"rel":238,"target":242},"http:\u002F\u002Fnumber9.hellooperator.net\u002Farticles\u002Fcategory\u002Fsecurity",[239,240,241],"nofollow","noopener","noreferrer","_blank",[211,244,245],{},"Pre-requisite",[247,248,253],"pre",{"className":249,"code":251,"language":252},[250],"language-text","curl -O http:\u002F\u002Fdist.codehaus.org\u002Fjetty\u002Fjetty-6.1.11\u002Fjetty-6.1.11.zip\nunzip -j jetty-6.1.11.zip jetty-6.1.11\u002Flib\u002Fjetty-6.1.11.jar\n","text",[254,255,251],"code",{"__ignoreMap":256},"",[211,258,259],{},"Now - convert to pkcs12",[247,261,264],{"className":262,"code":263,"language":252},[250],"openssl pkcs12 -export -out keystore.pcks12 -in \u002Fetc\u002Fapache2\u002Fssl\u002Fcertificate.crt -inkey \u002Fetc\u002Fssl\u002Fprivate\u002Fkey.key\n",[254,265,263],{"__ignoreMap":256},[211,267,268],{},"And then import",[247,270,273],{"className":271,"code":272,"language":252},[250],"java -cp jetty-6.1.11.jar org.mortbay.jetty.security.PKCS12Import keystore.pcks12 keystore.jks\n",[254,274,272],{"__ignoreMap":256},[211,276,277],{},"Problem is that I get (a divide-by-zero inside the Sun PKCS12 decryption code usually means the pkcs12 file was exported with an empty password - give openssl a non-empty export password):",[247,279,282],{"className":280,"code":281,"language":252},[250],"Exception in thread \"main\" java.io.IOException: failed to decrypt safe contents entry: java.lang.ArithmeticException: \u002F by zero\n    at com.sun.net.ssl.internal.pkcs12.PKCS12KeyStore.engineLoad(PKCS12KeyStore.java:1277)\n    at 
java.security.KeyStore.load(KeyStore.java:1185)\n    at org.mortbay.jetty.security.PKCS12Import.main(PKCS12Import.java:95)\nCaused by: java.lang.ArithmeticException: \u002F by zero\n    at com.sun.crypto.provider.PKCS12PBECipherCore.a(DashoA13*..)\n    at com.sun.crypto.provider.PKCS12PBECipherCore.a(DashoA13*..)\n    at com.sun.crypto.provider.PKCS12PBECipherCore.a(DashoA13*..)\n    at com.sun.crypto.provider.PKCS12PBECipherCore.a(DashoA13*..)\n    at com.sun.crypto.provider.PKCS12PBECipherCore$PBEWithSHA1AndRC2_40.engineInit(DashoA13*..)\n    at javax.crypto.Cipher.a(DashoA13*..)\n    at javax.crypto.Cipher.a(DashoA13*..)\n    at javax.crypto.Cipher.init(DashoA13*..)\n    at javax.crypto.Cipher.init(DashoA13*..)\n    at com.sun.net.ssl.internal.pkcs12.PKCS12KeyStore.engineLoad(PKCS12KeyStore.java:1273)\n    ... 2 more\n",[254,283,281],{"__ignoreMap":256},[211,285,286],{},[214,287,288],{},"Neal Groothuis",[211,290,291,292],{},"From: ",[235,293,294],{"href":294,"rel":295,"target":242},"http:\u002F\u002Fwww.nealgroothuis.name\u002Fimport-a-private-key-into-a-java-keystore\u002F",[239,240,241],[211,297,298],{},"This wants the certificate and key in DER form:",[247,300,303],{"className":301,"code":302,"language":252},[250],"openssl rsa -in \u002Fetc\u002Fssl\u002Fprivate\u002Fkey.key -out key.der -outform DER\nopenssl x509 -in \u002Fetc\u002Fapache2\u002Fssl\u002Fcertificate.crt -out cert.der -outform DER\n",[254,304,302],{"__ignoreMap":256},[211,306,307],{},"Then import:",[247,309,312],{"className":310,"code":311,"language":252},[250],"java -cp . 
KeyStoreImport keystore.jks cert.der key.der keyalias\n",[254,313,311],{"__ignoreMap":256},[211,315,316],{},"But that gives (the trace goes through PKCS8Key.decode - Java expects the key as PKCS#8, while openssl rsa writes the traditional RSA format; openssl pkcs8 -topk8 -nocrypt -outform DER does that conversion, and the result is an unencrypted private key, so restrict its file permissions):",[247,318,321],{"className":319,"code":320,"language":252},[250],"java.security.spec.InvalidKeySpecException: java.security.InvalidKeyException: IOException : algid parse error, not a sequence\n    at sun.security.rsa.RSAKeyFactory.engineGeneratePrivate(RSAKeyFactory.java:175)\n    at java.security.KeyFactory.generatePrivate(KeyFactory.java:342)\n    at KeyStoreImport.main(KeyStoreImport.java:80)\nCaused by: java.security.InvalidKeyException: IOException : algid parse error, not a sequence\n    at sun.security.pkcs.PKCS8Key.decode(PKCS8Key.java:344)\n    at sun.security.pkcs.PKCS8Key.decode(PKCS8Key.java:350)\n    at sun.security.rsa.RSAPrivateCrtKeyImpl.\u003Cinit>(RSAPrivateCrtKeyImpl.java:74)\n    at sun.security.rsa.RSAPrivateCrtKeyImpl.newKey(RSAPrivateCrtKeyImpl.java:58)\n    at sun.security.rsa.RSAKeyFactory.generatePrivate(RSAKeyFactory.java:274)\n    at sun.security.rsa.RSAKeyFactory.engineGeneratePrivate(RSAKeyFactory.java:171)\n    ... 
2 more\n",[254,322,320],{"__ignoreMap":256},[211,324,325],{},[214,326,327],{},"Not yet commons-ssl",[211,329,291,330],{},[235,331,332],{"href":332,"rel":333,"target":242},"http:\u002F\u002Fjuliusdavies.ca\u002Fcommons-ssl\u002F",[239,240,241],[247,335,338],{"className":336,"code":337,"language":252},[250],"java -cp not-yet-commons-ssl-0.3.10.jar org.apache.commons.ssl.KeyStoreBuilder pass key.key \u002Fetc\u002Fapache2\u002Fssl\u002Fcertificate.crt\n",[254,339,337],{"__ignoreMap":256},[211,341,342],{},"Gives:",[247,344,347],{"className":345,"code":346,"language":252},[250],"Exception in thread \"main\" java.util.NoSuchElementException\n    at java.util.LinkedList$ListItr.next(LinkedList.java:698)\n    at java.util.Collections$UnmodifiableCollection$1.next(Collections.java:1010)\n    at org.apache.commons.ssl.KeyStoreBuilder.build(KeyStoreBuilder.java:167)\n    at org.apache.commons.ssl.KeyStoreBuilder.build(KeyStoreBuilder.java:97)\n    at org.apache.commons.ssl.KeyStoreBuilder.main(KeyStoreBuilder.java:555)\n",[254,348,346],{"__ignoreMap":256},[211,350,351],{},[214,352,353],{},"UPDATE",[211,355,356,357,361],{},"Progress. Julius Davies (not yet commons-ssl) got back to me and said - bug in 0.3.10 - try 0.3.9. Now - checking the download page it ",[358,359,360],"em",{},"says"," that 0.3.10 is alpha - but I never made it that far down the page.",[247,363,366],{"className":364,"code":365,"language":252},[250],"java -cp not-yet-commons-ssl-0.3.9.jar org.apache.commons.ssl.KeyStoreBuilder pass_for_new_keystore key.key \u002Fetc\u002Fapache2\u002Fssl\u002Fcertificate.crt\n",[254,367,365],{"__ignoreMap":256},[211,369,370],{},"This worked. Created a new keystore for me (named \u003Ccertificate's OU>.jks). 
This has the certificate in it as well as the key (keytool -list shows it as a PrivateKeyEntry rather than a trustedCertEntry).",[211,372,373],{},"You can get it into the glassfish keystore too (changeit is the GlassFish default keystore password, and passwords passed with -srcstorepass and -deststorepass end up in shell history and the process list - leave the options off and keytool prompts for them):",[247,375,378],{"className":376,"code":377,"language":252},[250],"keytool -importkeystore -srckeystore keystore.jks -destkeystore glassfish\u002Fdomains\u002Fdomain1\u002Fkeystore.jks -srcstorepass pass_for_new_keystore -deststorepass changeit\n",[254,379,377],{"__ignoreMap":256},[211,381,382],{},"I'll test to see if it can use it next week. If so - this article will be superseded with a new one :)",{"title":256,"searchDepth":384,"depth":384,"links":385},2,[],"2008-07-11 11:42:54 +0200",null,"md",{},true,"\u002F2008\u002F07\u002F11\u002Funable-to-import-openssl-key-to-java-keystore",{"title":206,"description":216},{"loc":391},"2008\u002F07\u002F11\u002Funable-to-import-openssl-key-to-java-keystore",[396,397,398,399],"ssl","keystore","openssl","troubleshooting","deYyyIO5PEWf1ihG-Exo9l_xjshRZN7g-v9_w6z4d7Q",1775293014709]