SnapLogic - Integration Nation

whaleyl · ‎04-04-2023

I’ve been provided a PEM certificate in a .cer file format for connecting to an API by a third-party, and I’m trying to convert it to the correctly formatted truststore and keystore .jks files so that I can create a REST SSL account.

Does anyone have any resources or instructions that clearly outline how to do this? I’ve unfortunately been unsuccessful using the keytool utility bundled with the JDK. I don’t personally have any experience doing this.

Thank you in advance.

whaleyl · ‎04-05-2023

I have resolved this after doing some research, and now can authenticate to the target API using a REST SSL account. 😁

For anyone that may reference this down the line, below are the steps I took.

Some prerequisites:

Obtain a certificate and key, and determine the file types of each (mine were a .cer and .key, respectively)
Install OpenSSL (in my case it was installed previously via Git), and the latest JDK (I used v20)

Steps:

Create a PKCS12 file (.p12) that combines your provided certification (in my case a .cer file as noted), and your private key (in my case a .key file) using the following command via OpenSSL (which I ran in Git Bash):
openssl pkcs12 -export -out {{new file name}}.p12 -in {{your certificate}} -inkey {{your private key}} -passin pass:{{root cert password if applicable}} -passout pass:{{new password}}
Create the keystore (.jks) using your newly created .p12 via the JDK Keytool utility (-deststoretype should be “JDK”):
keytool -importkeystore -deststorepass {{new keystore password}} -destkeypass {{new key password}} -destkeystore {{new keystore name}}.jks -deststoretype JKS -srckeystore {{p12 file name}}.p12 -srcstoretype PKCS12 -srcstorepass {{p12 password}}
Create the truststore (.jks) from your original certificate (.cer in my case) via the JDK Keytool utility (-storetype should be “JDK”):
keytool -import -v -trustcacerts -keystore {{new keystore name}}.jks -storetype JKS -storepass {{keystore password}} -alias {{new entry alias}} -file {{your certificate}}

…and that’s it.

Hoping this helps someone in my position down the line.

View solution in original post

whaleyl · ‎04-05-2023

I have resolved this after doing some research, and now can authenticate to the target API using a REST SSL account. 😁

For anyone that may reference this down the line, below are the steps I took.

Some prerequisites:

Obtain a certificate and key, and determine the file types of each (mine were a .cer and .key, respectively)
Install OpenSSL (in my case it was installed previously via Git), and the latest JDK (I used v20)

Steps:

Create a PKCS12 file (.p12) that combines your provided certification (in my case a .cer file as noted), and your private key (in my case a .key file) using the following command via OpenSSL (which I ran in Git Bash):
openssl pkcs12 -export -out {{new file name}}.p12 -in {{your certificate}} -inkey {{your private key}} -passin pass:{{root cert password if applicable}} -passout pass:{{new password}}
Create the keystore (.jks) using your newly created .p12 via the JDK Keytool utility (-deststoretype should be “JDK”):
keytool -importkeystore -deststorepass {{new keystore password}} -destkeypass {{new key password}} -destkeystore {{new keystore name}}.jks -deststoretype JKS -srckeystore {{p12 file name}}.p12 -srcstoretype PKCS12 -srcstorepass {{p12 password}}
Create the truststore (.jks) from your original certificate (.cer in my case) via the JDK Keytool utility (-storetype should be “JDK”):
keytool -import -v -trustcacerts -keystore {{new keystore name}}.jks -storetype JKS -storepass {{keystore password}} -alias {{new entry alias}} -file {{your certificate}}

…and that’s it.

Hoping this helps someone in my position down the line.

dmiller · ‎04-05-2023

Thank you for posting your solution.

Diane Miller

whaleyl · ‎04-05-2023

Not a problem!

SnapLogic - Integration Nation

Create TrustStore & KeyStore Files From Certificate?