Friday, 31 May 2013

Import a private key in PEM format to Java keystore

I got a key and a certificate in PEM format and I need to put them into a Java keystore (for WS security - message signing). Java's keytool doesn't let you import a private key; normally one just creates a keystore with a new private key in one shot. I need to do this with a key and cert I have got from non-Java folks...
Since I just had to do it again and I managed to forget how I had done this the first time - I am adding this post here...

The first step is to convert both of them to DER format with the following commands (-nocrypt writes the private key to private_key.der unencrypted):

openssl pkcs8 -topk8 -nocrypt -in private_key.key -inform PEM -out private_key.der -outform DER
openssl x509 -in server_cert.crt -inform PEM -out server_cert.der -outform DER

Now, to make a keystore out of it:

java ImportKey private_key.der server_cert.der alias_priv_key

(This is a tool I found somewhere on the net, which may be downloaded from ImportKey.java. No dependencies outside the JDK.)

The output is:

Using keystore-file : /home/bartek/keystore.ImportKey
One certificate, no chain.
Key and certificate stored.
Alias: alias_priv_key  Password:importkey

The next step is to change the keystore's password with:

keytool -storepasswd -keystore keystore.ImportKey

Give the 'importkey' password, then enter the new one twice and the job is done.

If the task is to add the key to an already existing keystore with some other certs/keys - you need to merge them together (but luckily I don't need that :) ).

Thursday, 30 May 2013

Web server slow start problem (Jetty/Tomcat)


Today I started to feel I am having a problem with my Maven and Jetty configuration. It started slower and slower, without any clear reason. A simple web app consisting of just 5 SOAP endpoints (CXF) started in about 1 minute.
So, I started to investigate it and found the reason - it seems that the container was looking for Servlet 3.0 annotations in the whole classpath during the start. This was completely unnecessary in my case, since I am not using any of them.
To stop that, it is possible to inform the container in the web.xml declaration that our configuration is complete and there is no need to scan for it.

 <web-app xmlns="http://java.sun.com/xml/ns/javaee"
         xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
         xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_3_0.xsd"
         metadata-complete="true"
         version="3.0">

After that, startup time went down to a couple of seconds - voilà!

The nice thing is that metadata-complete="true" indicates that the JAR files in /WEB-INF/lib don't need to be scanned for annotations, but the webapp's own classes will still be scanned.