I’ve been trying several solutions to use a password-protected p12 cert in my SOAP client (authentication). I can’t get it to work. Could anyone please point me in the right direction? My latest test:
keytool -importkeystore -srckeystore mycert.p12 -destkeystore cert/cacerts -srcstoretype PKCS12 -deststoretype JKS -srcstorepass 123456789 -deststorepass changeit -srcalias 1 -destalias mycert
System.setProperty("javax.net.ssl.trustStore","cert/cacerts");
System.setProperty("javax.net.debug", "ssl");
Result:
fatal, description = certificate_unknown
Thanks
You should first look into the difference between a keystore and a truststore. If you want to use your PKCS#12 file for client authentication, it’s as a keystore you need to use it. (You may also need to set the truststore properties if the server certificate can’t be trusted by the default CAs, but that’s a different problem.)
You shouldn’t need to convert your p12 file into JKS at all.
If your client uses the system properties to initialise its SSL context (check its documentation), you should be able to configure your p12 file by pointing javax.net.ssl.keyStore to it, setting javax.net.ssl.keyStoreType to PKCS12 and setting javax.net.ssl.keyStorePassword correctly. In most cases, these properties should be set before any SSL connection is attempted, since they will be only read once.
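For a client that does not read those system properties, the same keystore/truststore split can be set up explicitly. This is an added example, not code from the question or the answer: the class name, the P12_PASSWORD environment variable and the default path mycert.p12 are assumptions.

```java
import java.io.FileInputStream;
import java.io.InputStream;
import java.security.KeyStore;
import java.util.Collections;
import javax.net.ssl.HttpsURLConnection;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLContext;

public class P12ClientAuth {

    // Load a PKCS#12 file and confirm it holds a private key entry,
    // which is what a keystore needs for client authentication.
    static KeyStore loadClientKeyStore(String path, char[] password) throws Exception {
        KeyStore ks = KeyStore.getInstance("PKCS12");
        try (InputStream in = new FileInputStream(path)) {
            ks.load(in, password);
        }
        for (String alias : Collections.list(ks.aliases())) {
            if (ks.isKeyEntry(alias)) {
                return ks;
            }
        }
        throw new IllegalStateException("No private key entry in " + path);
    }

    // Key managers come from the p12; passing null trust managers keeps
    // the JVM's default truststore for validating the server certificate.
    static SSLContext clientContext(KeyStore ks, char[] password) throws Exception {
        KeyManagerFactory kmf = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
        kmf.init(ks, password);
        SSLContext ctx = SSLContext.getInstance("TLS");
        ctx.init(kmf.getKeyManagers(), null, null);
        return ctx;
    }

    public static void main(String[] args) throws Exception {
        String path = args.length > 0 ? args[0] : "mycert.p12";
        // Assumption: password supplied via a P12_PASSWORD environment variable.
        String pw = System.getenv("P12_PASSWORD");
        if (pw == null) throw new IllegalArgumentException("Set P12_PASSWORD");
        char[] password = pw.toCharArray();
        SSLContext ctx = clientContext(loadClientKeyStore(path, password), password);
        // Applies to HttpsURLConnection-based clients created after this call.
        HttpsURLConnection.setDefaultSSLSocketFactory(ctx.getSocketFactory());
        System.out.println("Client key material loaded from " + path);
    }
}
```

If the server certificate is not signed by a default CA, pass trust managers built from a separate truststore as the second argument to ctx.init instead of null.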