
How to convert a PKI to JKS if I don't have the private key?

The company signs its own certificates, so this is giving problems with validation. I have added the custom CA authority to a pod running Jenkins, so now I can curl successfully against a service. The thing is that I'm trying to use a Jenkins plugin which continues to give an SSL error, so I think the problem is that I need to add the certs in JKS format, but all the info I found to convert a PEM to JKS is with the private key, which I don't have.

The plugin which I need to make work is the Micro Focus Fortify plugin.

How do I convert a public CA authority to JKS if I don't have the private key?

I'm guessing you're just trying to add your internal CA cert to the cacerts file that your Jenkins server is using. The cacerts file is a keystore file that contains all of the public certs for trusted CAs, and it will be located with the Java installation that your Jenkins server is using.

Please note that if you're trying to trust other certs that were signed by your CA, then you only need your CA's public certificate. You do not require the CA's private cert. If you have an admin who gives out the private cert/key to anyone, you should probably slap that person because that is a major security risk.

When Jenkins starts up, it will use the public CA certs from that cacerts file, which will also be used by any Jenkins plugins that you use.

To import a new CA cert, you just need the cert to be in base64 format. You can use the following command to import:

keytool -importcert -file yourCAcert.pem -keystore cacerts -alias "YourCertAlias"
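
An added example (not part of the original answer) showing the import end to end and confirming that the result is a trusted-certificate entry with no private key in the truststore. The file names, the aliases, the throwaway sample CA and the store password `changeit` (the JDK default for cacerts) are assumptions.

```shell
#!/usr/bin/env bash
# Added example: import a CA's public certificate as a trusted entry.
# Assumptions: file names, aliases, and the store password "changeit".

# Constructed sample input: a throwaway self-signed CA. Only its exported
# public certificate (ca.pem) is used afterwards, as in the question.
make_sample_ca() {   # $1 = working directory
  keytool -genkeypair -alias sampleca -keyalg RSA -keysize 2048 -validity 1 \
    -dname "CN=Constructed Sample CA" -ext bc:c \
    -keystore "$1/ca-private.p12" -storetype PKCS12 \
    -storepass changeit -keypass changeit >/dev/null 2>&1 &&
  keytool -exportcert -rfc -alias sampleca -keystore "$1/ca-private.p12" \
    -storepass changeit -file "$1/ca.pem" >/dev/null 2>&1
}

# Import a PEM CA certificate into a truststore (created if it does not exist).
# Idempotent: keytool refuses to overwrite an existing alias, so a repeated run
# (for example on pod restart) skips the import instead of failing.
import_ca() {        # $1 = PEM file, $2 = truststore, $3 = alias
  if keytool -list -keystore "$2" -storepass changeit -alias "$3" >/dev/null 2>&1; then
    return 0
  fi
  keytool -importcert -noprompt -file "$1" \
    -keystore "$2" -storepass changeit -alias "$3" >/dev/null 2>&1
}

# Print the entry type keytool reports for an alias. A CA imported from a
# public certificate shows up as trustedCertEntry, never PrivateKeyEntry.
entry_type() {       # $1 = keystore, $2 = alias
  keytool -list -keystore "$1" -storepass changeit -alias "$2" 2>/dev/null |
    grep -o -E 'trustedCertEntry|PrivateKeyEntry' | head -n 1
}
```

To try it by hand: `make_sample_ca /tmp/demo`, then `import_ca /tmp/demo/ca.pem /tmp/demo/truststore.jks internal-ca`, then `entry_type /tmp/demo/truststore.jks internal-ca`.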
