BiTel

bill BGBillingServer # keytool -import -alias bgbilling -file certificate_xxx.ru_91.crt
Enter keystore password:
Re-enter new password:
Owner: CN=xxx.ru, OU=Domain Control Validated - QuickSSL Premium(R), OU=See www.geotrust.com/resources/cps (c)09, OU=GT49952852, O=xxx.ru, C=RU
Issuer: OU=Equifax Secure Certificate Authority, O=Equifax, C=US
Serial number: a881d
Valid from: Mon Jan 26 16:05:33 YEKT 2009 until: Wed Jan 27 16:05:33 YEKT 2010
Certificate fingerprints:
         MD5:  08:E0:E4:94:12:E1:F9:D0:CA:51:F7:6D:7F:D7:F6:C9
         SHA1: 95:E1:67:81:0C:A5:F5:0C:7C:81:3B:BA:3D:21:E2:E6:1B:38:B4:D4
         Signature algorithm name: SHA1withRSA
         Version: 3

Extensions:

#1: ObjectId: 2.5.29.15 Criticality=true
KeyUsage [
  DigitalSignature
  Non_repudiation
  Key_Encipherment
  Data_Encipherment
]

#2: ObjectId: 2.5.29.14 Criticality=false
SubjectKeyIdentifier [
KeyIdentifier [
0000: 23 82 23 A1 28 22 41 CD   57 DC  '...(aA.W...(.Y.
0010: 55 F2 67 1C                                        ..g.
]
]

#3: ObjectId: 2.5.29.31 Criticality=false
CRLDistributionPoints [
  [DistributionPoint:
     [URIName: http://crl.geotrust.com/crls/secureca.crl]
]]

#4: ObjectId: 2.5.29.37 Criticality=false
ExtendedKeyUsages [
  serverAuth
  clientAuth
]

#5: ObjectId: 2.5.29.35 Criticality=false
AuthorityKeyIdentifier [
KeyIdentifier [
0000: 23 82 23 A1 28 22 41 CD   57 DC  '...(aA.W...(.Y.
0010: 55 F2 67 1C                                        ..g.
]

]

Trust this certificate? [no]:  yes
Certificate was added to keystore
bill BGBillingServer # cp -f /root/.keystore /usr/local/BGBillingServer/
bill BGBillingServer # keytool -list -file /usr/local/BGBillingServer/.keystore
Enter keystore password:

Keystore type: JKS
Keystore provider: SUN

Your keystore contains 1 entry

bgbilling, Jan 27, 2009, trustedCertEntry,
Certificate fingerprint (MD5): 08:E0:E4:94:12:E1:F9:D0:CA:51:F7:6D:7F:D7:F6:C9
bill BGBillingServer #

# keytool -import -alias bgbilling -trustcacerts -file certificate_xxx.ru_91.crt

# keytool -list -file .keystore
Enter keystore password:

Keystore type: JKS
Keystore provider: SUN

Your keystore contains 1 entry

bgbilling, Feb 16, 2009, trustedCertEntry,
Certificate fingerprint (MD5): 08:E0:E4:94:12:E1:F9:D0:CA:51:F7:6D:7F:D7:F6:C9

package comu;

import java.security.*;
import java.io.IOException;
import java.io.InputStream;
import java.io.FileInputStream;
import java.io.DataInputStream;
import java.io.ByteArrayInputStream;
import java.io.FileOutputStream;
import java.security.spec.*;
import java.security.cert.Certificate;
import java.security.cert.CertificateFactory;
import java.util.Collection;
import java.util.Iterator;

/**
 * ImportKey.java
 *
 * <p>This class imports a key and a certificate into a keystore
 * (<code>$home/keystore.ImportKey</code>). If the keystore is
 * already present, it is simply deleted. Both the key and the
 * certificate file must be in <code>DER</code>-format. The key must be
 * encoded with <code>PKCS#8</code>-format. The certificate must be
 * encoded in <code>X.509</code>-format.</p>
 *
 * <p>Key format:</p>
 * <p><code>openssl pkcs8 -topk8 -nocrypt -in YOUR.KEY -out YOUR.KEY.der
 * -outform der</code></p>
 * <p>Format of the certificate:</p>
 * <p><code>openssl x509 -in YOUR.CERT -out YOUR.CERT.der -outform
 * der</code></p>
 * <p>Import key and certificate:</p>
 * <p><code>java comu.ImportKey YOUR.KEY.der YOUR.CERT.der</code></p><br />
 *
 * <p><em>Caution:</em> the old <code>keystore.ImportKey</code>-file is
 * deleted and replaced with a keystore only containing <code>YOUR.KEY</code>
 * and <code>YOUR.CERT</code>. The keystore and the key has no password;
 * they can be set by the <code>keytool -keypasswd</code>-command for setting
 * the key password, and the <code>keytool -storepasswd</code>-command to set
 * the keystore password.
 * <p>The key and the certificate is stored under the alias
 * <code>importkey</code>; to change this, use <code>keytool -keyclone</code>.
 *
 * Created: Fri Apr 13 18:15:07 2001
 * Updated: Fri Apr 19 11:03:00 2002
 *
 * @author Joachim Karrer, Jens Carlberg
 * @version 1.1
 **/
public class ImportKey  {
   
    /**
     * <p>Creates an InputStream from a file, and fills it with the complete
     * file. Thus, available() on the returned InputStream will return the
     * full number of bytes the file contains</p>
     * @param fname The filename
     * @return The filled InputStream
     * @exception IOException, if the Streams couldn't be created.
     **/
    private static InputStream fullStream ( String fname ) throws IOException {
        FileInputStream fis = new FileInputStream(fname);
        DataInputStream dis = new DataInputStream(fis);
        byte[] bytes = new byte[dis.available()];
        dis.readFully(bytes);
        ByteArrayInputStream bais = new ByteArrayInputStream(bytes);
        return bais;
    }
       
    /**
     * <p>Takes two file names for a key and the certificate for the key,
     * and imports those into a keystore. Optionally it takes an alias
     * for the key.
     * <p>The first argument is the filename for the key. The key should be
     * in PKCS8-format.
     * <p>The second argument is the filename for the certificate for the key.
     * <p>If a third argument is given it is used as the alias. If missing,
     * the key is imported with the alias importkey
     * <p>The name of the keystore file can be controlled by setting
     * the keystore property (java -Dkeystore=mykeystore). If no name
     * is given, the file is named <code>keystore.ImportKey</code>
     * and placed in your home directory.
     * @param args [0] Name of the key file, [1] Name of the certificate file
     * [2] Alias for the key.
     **/
    public static void main ( String args[]) {
       
        // change this if you want another password by default
        String keypass = "bgbilling";
       
        // change this if you want another alias by default
        String defaultalias = "bgbilling";

        // change this if you want another keystorefile by default
        String keystorename = System.getProperty("keystore");

        if (keystorename == null)
            keystorename = System.getProperty("user.home")+
                System.getProperty("file.separator")+
                "keystore.ImportKey"; // especially this ;-)


        // parsing command line input
        String keyfile = "";
        String certfile = "";
        if (args.length < 2 || args.length>3) {
            System.out.println("Usage: java comu.ImportKey keyfile certfile [alias]");
            System.exit(0);
        } else {
            keyfile = args[0];
            certfile = args[1];
            if (args.length>2)
                defaultalias = args[2];
        }

        try {
            // initializing and clearing keystore
            KeyStore ks = KeyStore.getInstance("JKS", "SUN");
            ks.load( null , keypass.toCharArray());
            System.out.println("Using keystore-file : "+keystorename);
            ks.store(new FileOutputStream ( keystorename  ),
                    keypass.toCharArray());
            ks.load(new FileInputStream ( keystorename ),
                    keypass.toCharArray());

            // loading Key
            InputStream fl = fullStream (keyfile);
            byte[] key = new byte[fl.available()];
            KeyFactory kf = KeyFactory.getInstance("RSA");
            fl.read ( key, 0, fl.available() );
            fl.close();
            PKCS8EncodedKeySpec keysp = new PKCS8EncodedKeySpec ( key );
            PrivateKey ff = kf.generatePrivate (keysp);

            // loading CertificateChain
            CertificateFactory cf = CertificateFactory.getInstance("X.509");
            InputStream certstream = fullStream (certfile);

            Collection c = cf.generateCertificates(certstream) ;
            Certificate[] certs = new Certificate[c.toArray().length];

            if (c.size() == 1) {
                certstream = fullStream (certfile);
                System.out.println("One certificate, no chain.");
                Certificate cert = cf.generateCertificate(certstream) ;
                certs[0] = cert;
            } else {
                System.out.println("Certificate chain length: "+c.size());
                certs = (Certificate[])c.toArray();
            }

            // storing keystore
            ks.setKeyEntry(defaultalias, ff,
                           keypass.toCharArray(),
                           certs );
            System.out.println ("Key and certificate stored.");
            System.out.println ("Alias:"+defaultalias+"  Password:"+keypass);
            FileOutputStream fos = new FileOutputStream( keystorename );
            ks.store( fos , keypass.toCharArray());
            fos.close();
        } catch (Exception ex) {
            ex.printStackTrace();
        }
    }

}// KeyStore

        // change this if you want another password by default
        String keypass = "bgbilling";
       
        // change this if you want another alias by default
        String defaultalias = "bgbilling";

$ javac  ImportKey.java

$ openssl pkcs8 -topk8 -nocrypt -in private_key_xxx.ru_91.pem -out private_key_xxx.ru_91.pem.der -outform der
$ openssl x509 -in certificate_xxx.ru_91.crt -out certificate_xxx.ru_91.crt.der -outform der

$ java comu.ImportKey private_key_xxx.ru_91.pem.der certificate_xxx.ru_91.crt.der

class ImportKey is public, should be declared in a fil
e named ImportKey.java                                                                                       
public class ImportKey {                                                                                     
       ^                                                                                                     
1 error                                                 

openssl pkcs12 -export -in cert.pem -inkey prkey.pem -name "My Certificate" -out cert.p12