This all depends on the fact that both Java and OpenSSL support PKCS#12-formatted keystores. To do the extraction, you first use keytool to convert to the standard format. Make sure you use the same password for both files (private key password, not the keystore password) or you will get odd failures later on in the second step.

    keytool -importkeystore -srckeystore keystore.jks \
        -destkeystore intermediate.p12 -deststoretype PKCS12

Next, use OpenSSL to do the extraction to PEM:

    openssl pkcs12 -in intermediate.p12 -out extracted.pem -nodes

You should be able to handle that PEM file easily enough; it's plain text with an encoded unencrypted private key and certificate(s) inside it (in a pretty obvious format).

When you do this, take care to keep the files created secure. Nothing will warn you if you fail to secure them correctly. The easiest method for securing them is to do all of this in a directory which doesn't have any access rights for anyone other than the user. And never put your password on the command line or in environment variables; it's too easy for other users to grab.

A portion of code originally from Example Depot for listing all of the aliases in a key store:

    // Load input stream into keystore (a java.security.KeyStore; is and password are the caller's)
    keystore.load(is, password.toCharArray());
    // Walk the aliases
    Enumeration<String> aliases = keystore.aliases();
    while (aliases.hasMoreElements()) {
        String alias = aliases.nextElement();
    }
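Since nothing warns you when the extracted files are left readable, here is a small audit for the work directory, as an added example that is not part of the original page. The function names and finding labels are made up for this sketch; the file extensions match the keystore.jks, intermediate.p12 and extracted.pem files used in the text.

```shell
#!/bin/sh
# Added example, not from the original page. Function names and finding
# labels are hypothetical; the extensions match the files named in the text.

# Create a work directory only the current user can enter (mode 0700).
new_private_dir() {
    (umask 077 && mktemp -d)
}

# True when group and other have no permission bits on the path.
# Characters 5-10 of `ls -ld` output are the group and other bits.
is_private() {
    [ "$(ls -ld -- "$1" | cut -c5-10)" = "------" ]
}

# True when the file holds an unencrypted PEM private key, which is what
# `openssl pkcs12 ... -nodes` writes.
has_plain_key() {
    grep -Eq -e '-----BEGIN (RSA |EC )?PRIVATE KEY-----' "$1" &&
        ! grep -q 'Proc-Type: 4,ENCRYPTED' "$1"
}

# Print one finding per line; return 0 when clean, 1 otherwise.
audit_workdir() {
    dir=$1
    rc=0
    if ! is_private "$dir"; then
        echo "DIR-OPEN $dir"
        rc=1
    fi
    for f in "$dir"/*.pem "$dir"/*.p12 "$dir"/*.jks; do
        [ -f "$f" ] || continue
        is_private "$f" && continue
        # The mode travels with the file if it is moved out of the directory,
        # so a loose mode is reported even inside a private directory.
        if has_plain_key "$f"; then
            echo "PLAINTEXT-KEY-OPEN $f"
        else
            echo "FILE-OPEN $f"
        fi
        rc=1
    done
    return "$rc"
}

# Usage: sh audit.sh /path/to/workdir
if [ "$#" -gt 0 ]; then
    audit_workdir "$1"
fi
```

Run the conversion inside the directory returned by `new_private_dir`, then call `audit_workdir` on it before the PEM file is moved anywhere else.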
1. Right-click, choose Generate Key Pair, and leave the defaults: Algorithm set to RSA, Key size 2048.
2. Leave the rest of the parameters at their defaults. Increase the validity if you are signing with an internal CA or public CA; otherwise it will be valid for 1 year.
3. Add as Subject the CN, which is the hostname of your server.
4. Click Add Extensions, then Use Standard Template, and select SSL Server.
5. Double-click Subject Alternative Names to edit it and add ALL the other AE Servers that you require for your AE Server (1, 2, 4 depending on your configuration), adding the FQDN (fully qualified domain name) of all the servers and any DNS alias that you may use to access it.
6. Click OK and set the alias to jetty to match what JCP is expecting by default, and assign a password (changeit is the default password JCP is using).
7. Now we are ready to generate a CSR (certificate signing request): right-click this alias and click Generate CSR.