Specifics about keytool import of certificate(s)
https://stackoverflow.com/questions/5356059
-
27-10-2019 - |
italiano
english
français
española
中国
日本の
العربية
Deutsch
한국어
Português
RussianQuestion
I have a remote db server's server.crt, root.crt and server.key files to add into our CF8 Enterprise keystore. I learned how to import a certificate via keytool easy enough. My questions focus specifically on what and how to import:
- Which one, or all, of the 3 files do I enter into castore? If one, which is preferred? If all, do I just add them at the same time in sequence?
- The tutorials describe using .cer files. Do I have to convert from .crt?
- The .crt files were sent to me as X.509. Is this automatically in Distinguished Encoding Rules (DER) format, which CF8 says is necessary?
Here are the reference pages I used:
http://cf-click.blogspot.com/2010/06/configuring-ssl-to-work-with-coldfusion.html
http://download.oracle.com/javase/6/docs/technotes/tools/solaris/keytool.html#KeyStore
Solution
root.crt goes in the castore since this is the servers truststore and root.cer presumably contains the certificate at the base of the server.crt certificate chain. By doing this you are saying you trust it to identify other certificates to trust.
server.crt is a certificate containing the servers's public key and server.key is the corresponding private key for the server's and these go in the server's keystore.
.crt and and .cer are generally equivalent (just indicates that it is a certificate, normally X.509). Usually this will be in DER format but could be otherwise such as Base64.
