java ssl

How to add a .crt file to a keystore and truststore


I have a .crt file and I want to import it into a keystore and a truststore using Java (first create the keystore and truststore, then import).

Below is the code that I am using:

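import java.io.BufferedReader;
import java.io.IOException;
import java.io.InputStreamReader;
import java.net.URI;
import java.util.concurrent.CountDownLatch;
import java.util.logging.Logger;

import javax.websocket.ClientEndpoint;
import javax.websocket.CloseReason;
import javax.websocket.OnClose;
import javax.websocket.OnMessage;
import javax.websocket.OnOpen;
import javax.websocket.Session;

import org.glassfish.tyrus.client.ClientManager;
import org.glassfish.tyrus.client.ClientProperties;
import org.glassfish.tyrus.client.SslContextConfigurator;
import org.glassfish.tyrus.client.SslEngineConfigurator;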

@ClientEndpoint
public class test {
    
    private static CountDownLatch latch;
    
    private Logger logger = Logger.getLogger(this.getClass().getName());
     
    @OnOpen
    public void onOpen(Session session) {
        logger.info("Connected ... " + session.getId());
        try {
            session.getBasicRemote().sendText("start");
        } catch (IOException e) {
            throw new RuntimeException(e);
        }
    }
 
    @OnMessage
    public String onMessage(String message, Session session) {
        BufferedReader bufferRead = new BufferedReader(new InputStreamReader(System.in));
        try {
            logger.info("Received ...." + message);
            String userInput = bufferRead.readLine();
            return userInput;
        } catch (IOException e) {
            throw new RuntimeException(e);
        }
    }
 
    @OnClose
    public void onClose(Session session, CloseReason closeReason) {
        logger.info(String.format("Session %s close because of %s", session.getId(), closeReason));
        // Release main(), which is blocked in latch.await()
        latch.countDown();
    }
    
    public static void main(String[] args) {
        latch = new CountDownLatch(1);
        ClientManager client = ClientManager.createClient();
        
        try {
            client.connectToServer(test.class, new URI("wss://x.x.x.x:8085"));
            latch.await();
 
        } catch (Exception e) {
            throw new RuntimeException(e);
        }
    }

}

I am using the Tyrus WebSocket client, so I need to add the following properties:

    final ClientManager client = ClientManager.createClient();
    System.getProperties().put("javax.net.debug", "all");
    System.getProperties().put(SSLContextConfigurator.KEY_STORE_FILE, "...");
    System.getProperties().put(SSLContextConfigurator.TRUST_STORE_FILE, "...");
    System.getProperties().put(SSLContextConfigurator.KEY_STORE_PASSWORD, "...");
    System.getProperties().put(SSLContextConfigurator.TRUST_STORE_PASSWORD, "...");
    final SSLContextConfigurator defaultConfig = new SSLContextConfigurator();
    
    defaultConfig.retrieve(System.getProperties());
        // or setup SSLContextConfigurator using its API.
    
    SSLEngineConfigurator sslEngineConfigurator =
        new SSLEngineConfigurator(defaultConfig, true, false, false);
    client.getProperties().put(ClientProperties.SSL_ENGINE_CONFIGURATOR,
        sslEngineConfigurator);
    client.connectToServer(... , ClientEndpointConfig.Builder.create().build(),
        new URI("wss://localhost:8181/sample-echo/echo"));

So, how can I create a keystore and a truststore and import the .crt into them?


Solution

  • I solved the above problem by directly importing the .crt file into the Java keystore:

    For importing into the Java keystore

    keytool -trustcacerts -keystore "/jdk/jre/lib/security/cacerts" -storepass changeit -importcert -alias testalias -file "/opt/ssl/test.crt"
    

    With the above command, the server certificate will be validated and the connection will be established. If you want to create a new keystore and import the .crt into it, use the command below; it will create a keystore of type .jks.

    For creating a keystore and importing the .crt

    keytool -import -alias testalias -file test.crt -keypass keypass -keystore test.jks -storepass test@123
    

    Here:

    keystore password : test@123
    keypass : keypass
    

    Some code will validate this, and if you are using wss/https it will ask for a keystore/truststore configuration; in that case you can use the configuration from step 2 (creating a keystore and importing the .crt). Otherwise step 1 (importing into the Java keystore) is enough.
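Because the question asks for a way to do this from Java, here is an added example (not part of the original answer) that does the equivalent of the second keytool command with the JDK's KeyStore API. A .crt file holds only a public certificate, so it is stored as a trusted-certificate entry, which is what a truststore needs. The class name, the default file names and the TRUSTSTORE_PASS environment variable are assumptions made for the example.

```java
import java.io.InputStream;
import java.io.OutputStream;
import java.nio.file.Files;
import java.nio.file.Path;
import java.nio.file.Paths;
import java.security.KeyStore;
import java.security.MessageDigest;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;

// Added example: class name, default paths and TRUSTSTORE_PASS are assumptions.
public class CrtToTrustStore {
    // Create a new JKS store holding the certificate as a trusted entry and write it to disk.
    static KeyStore importCrt(Path crt, Path storeFile, String alias, char[] pass) throws Exception {
        X509Certificate cert;
        try (InputStream in = Files.newInputStream(crt)) {
            // CertificateFactory accepts both PEM and DER encoded X.509 certificates.
            cert = (X509Certificate) CertificateFactory.getInstance("X.509").generateCertificate(in);
        }
        cert.checkValidity(); // throws if the certificate is expired or not yet valid

        // Print the SHA-256 fingerprint so it can be compared with the value the server owner publishes.
        byte[] digest = MessageDigest.getInstance("SHA-256").digest(cert.getEncoded());
        StringBuilder fp = new StringBuilder();
        for (byte b : digest) fp.append(String.format("%02X", b));
        System.out.println(cert.getSubjectX500Principal() + " SHA-256=" + fp);

        KeyStore store = KeyStore.getInstance("JKS");
        store.load(null, pass);                 // null stream = start from an empty store
        store.setCertificateEntry(alias, cert); // trusted-certificate entry, no private key
        try (OutputStream out = Files.newOutputStream(storeFile)) {
            store.store(out, pass);
        }
        return store;
    }

    public static void main(String[] args) throws Exception {
        Path crt = Paths.get(args.length > 0 ? args[0] : "test.crt");
        Path jks = Paths.get(args.length > 1 ? args[1] : "test.jks");
        String pass = System.getenv("TRUSTSTORE_PASS");
        if (pass == null) throw new IllegalStateException("set TRUSTSTORE_PASS first");
        KeyStore store = importCrt(crt, jks, "testalias", pass.toCharArray());
        System.out.println("Wrote " + jks + " with " + store.size() + " trusted entry");
    }
}
```

The resulting file and password are what the TRUST_STORE_FILE and TRUST_STORE_PASSWORD properties in the question expect, and a store created this way trusts only the imported certificate instead of changing the JDK-wide cacerts file.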