10-06-2021 10:53 PM
Client has provided me a ‘.cer’ certificate to connect to its database, with username and password. A REST SSL account needs keystore.jks and truststore.jks as well. Can anyone help me in achieving this connectivity?
10-12-2021 04:34 PM
Aditya, you wrote:
Before I start, be aware, truststore.jks will contain your public key(s), that is, the CA certificates you’re willing to trust on an incoming connection. The keystore.jks file contains your private keys and certificates, and should be far more closely guarded.
That important preface being dealt with, here’s the help I can provide…
You will need to convert the data from your .CER file to create the keystore and truststore files. How you do that will depend on two things:
Read that again. Yup, just because it says “.CER” at the end of the file doesn’t mean you necessarily know what format it’s in! Generally, it will be an X.509 certificate, represented in Binary DER format. But not always. It might be in ASCII PEM format, or even Base64-encoded.
If you’re on Unix or Linux (or use a *nix portability layer in Windows such as “MingW64”), try using the file command to determine the content type:
$ file mycert_file.cer
You may also be able to find file.exe compiled for native Win64, if that’s your OS family.
In Windows, another file type analyzer is TrIDNet (GUI) or TrID (command line), available at Marco Pontello's Home - Software - TrIDNet.
Once you’ve figured out what kind of data you have, you’ll need to figure out how to convert it to the .JKS pair needed by SSL:
If you’re working with Java, investigate the keytool utility.
If you’re not using Java but are working with Linux, investigate the openssl utility. There are also Windows builds available for this utility.
There’s another certificate/key conversion utility available, but its name escapes me at the moment, and a DuckDuckGo search is turning up nada. I’ll post it here if I remember, or someone else may be able to further come to the rescue.
Hope this helps!
–forbin
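One way to tell apart the three encodings named in the reply above (binary DER, ASCII PEM, bare Base64) without trusting the .cer extension, added here as an illustration and not code from either poster. The function names and `SAMPLE_DER` (a constructed blob with a valid outer DER header, not a real certificate) are assumptions of this example, and it goes slightly beyond the reply by normalising every input to DER and PEM.

```python
import base64
import binascii
import ssl

PEM_HEADER = b"-----BEGIN CERTIFICATE-----"
# Constructed stand-in: a valid outer DER SEQUENCE header, NOT a real certificate.
SAMPLE_DER = b"\x30\x82\x01\x00" + bytes(256)


def _der_total_length(data: bytes) -> int:
    """Size in bytes that the outer DER SEQUENCE claims to occupy."""
    if len(data) < 2 or data[0] != 0x30:      # 0x30 = constructed SEQUENCE tag
        raise ValueError("does not start with a DER SEQUENCE")
    first = data[1]
    if first < 0x80:                          # short form: one length byte
        return 2 + first
    n = first & 0x7F                          # long form: n length bytes follow
    if n == 0 or n > 4 or len(data) < 2 + n:
        raise ValueError("unsupported or truncated DER length")
    return 2 + n + int.from_bytes(data[2:2 + n], "big")


def normalise_cer(data: bytes) -> tuple[str, bytes]:
    """Return (kind, der) where kind is 'PEM', 'Base64' or 'DER'."""
    text = data.strip()
    if text.startswith(PEM_HEADER):
        kind, der = "PEM", ssl.PEM_cert_to_DER_cert(text.decode("ascii"))
    elif data[:1] == b"\x30":
        kind, der = "DER", data               # binary: never strip whitespace bytes
    else:
        try:                                  # bare Base64 without BEGIN/END armor
            der = base64.b64decode(b"".join(text.split()), validate=True)
        except (binascii.Error, ValueError) as exc:
            raise ValueError("not PEM, DER or bare Base64") from exc
        kind = "Base64"
    if _der_total_length(der) != len(der):    # catches truncation and trailing junk
        raise ValueError("outer SEQUENCE length does not match data size")
    return kind, der


def to_pem(der: bytes) -> str:
    """PEM text that `keytool -importcert -file ...` can read into truststore.jks."""
    return ssl.DER_cert_to_PEM_cert(der)


if __name__ == "__main__":
    for blob in (SAMPLE_DER, to_pem(SAMPLE_DER).encode(), base64.b64encode(SAMPLE_DER)):
        print(normalise_cer(blob)[0])
```

A certificate file carries only a public key, so the normalised output belongs in truststore.jks; nothing in a .cer can populate the private-key side of keystore.jks.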