Java programmatically create keystore and truststore and import certificates into it

In this video we are going to set up a keystore and a truststore and then load certificates into them programmatically.

00:08 What is the difference between keytool, truststore and keystore

03:20 What is the difference between truststore and keystore

03:56 Please Like and Subscribe !

04:04 Get Code from github

04:42 Going through code in IntelliJ

05:56 Preparation for solving PKIX by downloading Intermediate and Root Certificates

06:48 Reproduce PKIX exception running first JUnit test case

07:22 Explain TrustStore code

09:28 Re-Run First testcase after setup to resolve PKIX exception

10:07 Preparation for second test case by downloading Root + Intermediate certificates and adding them to the project

10:19 Going through project README.md for Links

12:25 Adding Client Cert to solve for Http code 400

12:30 Going through KeyStore code

12:54 Adding p12 to temporary KeyStore via code

14:57 Explaining @After annotation which removes truststore and keystore from temp directory

15:20 Going through what we have covered till now

15:35 If you received pem file with key and cert then saving them separately

17:13 Convert base key to unencrypted PKCS8 DER format and using it in code

18:28 What I meant when I said DER is binary

19:43 Convert base key to unencrypted PKCS8 PEM format and using it in code

20:19 Using Git Bash to convert base key to PKCS8 no-encryption PEM format

20:37 Code needs key in DER format so adding method to convert PEM to DER


23:52 Explaining why we need to use BouncyCastle dependency for AES encrypted key

24:30 How to use BouncyCastle to read AES encrypted key

25:45 Using BouncyCastle to read certificate and key from PEM file directly
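
The chapters above go from PEM files to a truststore and a keystore built in code. The sketch below is an added example, not the code from the video's GitHub project: the class name PemStores and the three file arguments (CA chain, unencrypted PKCS8 PEM key, client certificate) are assumptions, and the key is assumed to be RSA. Run it as `java PemStores.java ca-chain.pem client-key-pkcs8.pem client-cert.pem` (Java 11+).

```java
import java.io.InputStream;
import java.nio.file.*;
import java.security.*;
import java.security.cert.Certificate;
import java.security.cert.CertificateFactory;
import java.security.spec.PKCS8EncodedKeySpec;
import java.util.*;
import javax.net.ssl.*;

public class PemStores {
    /** Strip the PEM BEGIN/END lines and Base64-decode the body into DER bytes. */
    static byte[] pemToDer(String pem) {
        String body = pem.replaceAll("-----[A-Z0-9 ]+-----", "").replaceAll("\\s", "");
        if (body.isEmpty()) throw new IllegalArgumentException("no Base64 body between PEM markers");
        return Base64.getDecoder().decode(body);
    }
    /** Read every X.509 certificate in a file (PEM or DER), in file order. */
    static Certificate[] readCerts(Path file) throws Exception {
        try (InputStream in = Files.newInputStream(file)) {
            return CertificateFactory.getInstance("X.509").generateCertificates(in).toArray(new Certificate[0]);
        }
    }
    /** Truststore: one trusted-certificate entry per CA certificate in the file. */
    static KeyStore trustStore(Path caCerts) throws Exception {
        KeyStore ts = KeyStore.getInstance("PKCS12");
        ts.load(null, null); // null stream creates an empty in-memory store
        int i = 0;
        for (Certificate ca : readCerts(caCerts)) ts.setCertificateEntry("ca-" + i++, ca);
        return ts;
    }
    /** Keystore: the client private key plus its certificate chain (leaf first). */
    static KeyStore keyStore(Path pkcs8KeyPem, Path clientCerts, char[] password) throws Exception {
        PKCS8EncodedKeySpec spec = new PKCS8EncodedKeySpec(pemToDer(Files.readString(pkcs8KeyPem)));
        PrivateKey key = KeyFactory.getInstance("RSA").generatePrivate(spec); // assumption: RSA key
        KeyStore ks = KeyStore.getInstance("PKCS12");
        ks.load(null, null);
        ks.setKeyEntry("client", key, password, readCerts(clientCerts));
        return ks;
    }
    public static void main(String[] args) throws Exception {
        char[] pw = UUID.randomUUID().toString().toCharArray(); // protects the in-memory key entry only
        KeyManagerFactory kmf = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
        kmf.init(keyStore(Path.of(args[1]), Path.of(args[2]), pw), pw);
        TrustManagerFactory tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init(trustStore(Path.of(args[0])));
        SSLContext ctx = SSLContext.getInstance("TLS");
        ctx.init(kmf.getKeyManagers(), tmf.getTrustManagers(), null);
        System.out.println("SSLContext ready: " + ctx.getProtocol());
    }
}
```

Passing PEM text straight to PKCS8EncodedKeySpec without the pemToDer step fails, because the spec expects the binary DER encoding; an AES-encrypted key also fails here and needs the BouncyCastle route from the later chapters.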



Opinion Disclaimer:
The views and opinions expressed here are my own and not the views of my employer.
The content uploaded on my channel is not intended to malign any religion, ethnic group, club, organization, company, individual or anyone or anything.
Comments

This is the level of explanation I have been looking for my entire career so far. Nevertheless, I have got to know it in such detail that now I can answer if my juniors ask me about the keystore, truststore and how to use them properly.

Thanks...

anrgkdm

Right on, man, you are a blessing for my training; you are giving me a hand up the ladder. THANK YOU

ShaunGrimm

Very good explanation ... Thanks for making videos

nileshpawar

Hi Rahul, I tried for the trust store and am getting "Could not parse certificate: java.io.IOException: Empty input". I have stored the Root and intermediate in .crt format and have set the password.

irshadmohammedyakubkhan

Hi Rahul, I'm given only a .crt and a .pem file. How should I proceed? Please help.

manus

Hi Rahul,
If we have Root and Intermediate certificates in the cert chain, is it a must to add both the root and the IC to the truststore?

nileshpawar

I watched almost all the videos on your channel when I recently worked on importing certs using RestAssured. Excellent explanation, thanks for your knowledge sharing!

I got ‘sequence Tag error’ while reading a p12 cert using RestAssured/Java programmatically. It looks like it’s an issue while parsing the cert, but that’s the only cert I got from the client and it’s working perfectly fine in Postman and the curl command.

Please suggest if there is any solution

shivki

Hi Rahul,
This is a good tutorial to learn. Thanks!
I have one query. I have added the truststore and keystore to the SSLContext. But I am facing an I/O exception issue: toDerInputStream rejects tag type 45.
Why am I getting this error?

GeethuSunny-kflt

These videos are really helpful. In my case I had a client cert and a pem key that transformed to der. When testing I kept receiving the PKIX exception, it seemed it didn't recognize the keystore from the System.setProperty(). Looking into the JDK docs I couldn't find where the default keystores are so not sure from where the HttpClient is reading that data. In my case it didn't work. But when I set the SSLContext and SSLParams explicitly, it worked, so I needed to configure the HttpClient this way:

KeyManagerFactory keyMgrFactory =
keyMgrFactory.init(keyStore, "12345".toCharArray());
SSLContext sslCtx =
sslCtx.init(keyMgrFactory.getKeyManagers(), null, null);

SSLParameters sslParam = new SSLParameters();


HttpRequest httpRequest =
HttpResponse<String> httpResponse = HttpClient.newBuilder()
.sslContext(sslCtx) /* */
.sslParameters(sslParam) /* */
.build()
.send(httpRequest,

Do you know why the properties were not working and the explicit context and params do work? Thanks!

CaboLabsHealthInformatics

Hi Rahul, thanks for the great video. My use case has a .pem file and the private key in .key format. When I supply the same to Postman it works fine, but when I code it in Java, I am having errors. Could you please let me know the steps I need to follow for proper authentication using the Rest Assured library? Many thanks in advance.

sunilkumarketha

Sir, do you have an example of how to make a DLL from a C program, to save passwords and security keys?

Pooja-mlop

Hello. I tried to make the same issue with another Java. When for my truststore I make
System.setProperty("javax.net.ssl.trustStore",
System.setProperty("javax.net.ssl.trustStorePassword",
and make all this before calling the WS, I have the error SAAJ0009: Message send failed, Truststore - Keystore misconfiguration. Can someone help me?

lesbizare