将BIN格式的证书转换为X509格式

Question

I have read this good article on running tomcat in https and implemented it.

http://techtracer.com/2007/09/12/setting-up-ssl-on-tomcat-in-3-easy-steps/

It is working fine and my tomcat is running in https mode.

But the problem is i got the certificate in BIN format . I need it in X509 format so that i can use it as an raw resource for my Android project

I have used java keytool to create it.Can i use OpenSSL to convert it into X509 Format or java keytool is sufficient?

I am new to this securities stuff.

Please point me in the right direction and clear my doubts.

Answer 1

I think keytool already handles certificates in X509 format only. You should have generated .keystore file. You can export certificate from it using command:

keytool -export -alias mycert -keystore mykeystore.bin -file certificatefile.cer

Answer 2

Yes of course, you can use OpenSSL to convert the certificate and keys to and from the following formats

• Standard PEM
• DER / Binary
• PKCS#7 (aka P7B)
• PKCS#12 (aka PFX)

In your case, given a private key file and digital certificate in standard PEM, convert them both to pkcs12 format using the following steps:

Step 1: Convert the PEMs to a single PKCS12 file

    OpenSSL> pkcs12 -export -in CE_cert.cer -inkey CE_prv_key_PEM.key -out
pkcs12_KeyStore.p12 -name ce_cert_prv_key

Heres the doc for OpenSSL PKCS12 command.

Step 2: Import the PKCS12 file created in step 1 into the new JKS

C:\>keytool -importkeystore -srckeystore pkcs12_KeyStore.p12 -srcstoretype pkcs12 -srcstorepass somepass -srcalias ce_cert_prv_key -destk
eystore path/to/JavaKeyStore_KS.jks -deststoretype jks -deststorepass somepass -destkeypass somepass

Now after having the certificate and private key in the JKS format, you can use this JSK key store in Tomcat.