While testing web services or performing any web service test using https URLs which are secure, there are chances that we could face the issue as client side authentication required. Sometimes client certificate or SSL throws javax.net.ssl.SSLHandshakeException error. This usually happens when browser or tool like Jmeter that you use for web services testing, does not find the certificate or not able to read the certificate sent from client side.
To create a CSR, use the following command: keytool -certreq -alias test -keystore test.jks -file test.csr You entered the requester details when you created the key pair in the previous step, so the keytool no longer asks for them. The -file test.csr parameter is used to output the CSR to a file. If you omit it, the CSR will be. (Use keytool -list to see the contents of the keystore.) Make sure the certificate category is set to Identity. Upload the client certificate file in JKS format. Enter the keystore and key passwords used to create the JKS store. Open a command prompt in the same directory as Java keytool; alternatively, you may specify the full path of keytool in your command. Pay close attention to the alias you specify in this command as it will be needed later on. Keytool -genkey -alias mydomain -keyalg RSA -keystore KeyStore.jks -keysize 2048 2. If you have more than one one crt files, merge them to single abc.crt openssl pkcs12 -export -in abc.crt -inkey abc.key -out abc.p12 keytool -importkeystore -srckeystore abc.p12 -srcstoretype PKCS12 -destkeystore abc.jks -deststoretype JKS default alias is 1 password. At the bottom of this page Google recommends using this keytool command to create a keystore file: keytool -genkey -v -keystore foo.keystore -alias foo -keyalg RSA -keysize 2048 -validity 10000 I quote from their page, “This example prompts you for passwords for the keystore and key, and to provide the Distinguished Name fields for your key.
If you are facing such kind of issues, and you need create .jks file to provide the authentication or if you are not able to convert .der or .crt or .p12 file to .jks file, please follow the steps to perform the conversion or create .jks file using keytool.exe.
- Keytool.exe comes by default with all the latest Java. Make sure java is available in your system.
- Open browser and load https URL will prompt you to install the certificate if not installed in your browser.
Generate Jks File From Crt And Key Using Keytool
- Click on AddException and then Confirm Security Exception will install the certificate in the browser.
- Click on lock icon shown in the address bar.
- Click on More Information and then View Certificate.
- Click on Details tab and then click on Export button.
Keytool Import Crt
- Save the certificate in java bin folder with any name.
- Change the file extension with .p12 extension. Example (certificate.p12)
- Now open command prompt and navigate to java bin folder.
- keytool -importcert -alias mycert -file certificate.p12 -keystore certificate.jks -storepass password
- Once you hit enter it will ask you to answer Trust this certificate? Type yes and hit enter again.
Here you have generated .jks file with file name certificate.jks and the file will be located in Java bin folder.
Now you have successfully converted .p12 file to jks file. The same process you can apply to change any file like .der file or .crt file to convert in .jks file. What all you have to do is to replace the .p12 file with your file and give the same name in command prompt while executing the command.