developer

Reputation: 429

Concatenating cert and key file so that it can be included in java cacert file

We have been provided with a certificate from our client for the CSR we have given to them.

Basically I have been provided with abc.pem and abc.cert files.

abc.key is the one which we have used to generate the CSR.

openssl req -out abc.csr -new -newkey rsa:2048 -nodes -keyout abc.key

With the following curl command I was able to make a call to the client.

C:\Sanjay\Work\17MM\Curl\curl-7.43.0-win32\bin>curl --cert "abc.cert" --key abc.key -X GET -H Accept:application/json -H Content-Type:application/json -v "https://client.com"

My question: We want to group the key file and cert file into one so that we can include it in cacert C:\Program Files\Java\jdk1.7.0_51\jre\lib\security, so that when we make a request via Camel or Apache HTTP client it picks the certificate from cacert.

Please suggest!

Upvotes: 2

Views: 366

Answers (1)

Bruno

Reputation: 122769

The cacerts file is the default truststore. It is a keystore in terms of file format, but it's used as a truststore (to verify the remote party's identity), not a keystore (to prove your identity to the remote party).

You shouldn't put your private key and End-Entity Certificate (EEC) in cacerts:

  • It's good practice to separate keystore and truststore (since the truststore can be made public).
  • There is no default keystore in Java. cacerts is only used as a truststore by default.

From the files you have, the easiest option would be to build a PKCS#12 (.p12) file and use it with the PKCS12 keystore type. You can then use the javax.net.ssl.keyStore system property to point to it and javax.net.ssl.keyStoreType=PKCS12 for the type, and set javax.net.ssl.keyStorePassword too, unless your client library has its own way of loading a keystore.

Upvotes: 1
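
The PKCS#12 step the answer describes, sketched with OpenSSL as an added example (not code from the original answer). File names follow the question; abc.p12, the `client` alias and the `P12_PASS` environment variable are assumptions.

```bash
#!/usr/bin/env bash
# Added example: bundle the client certificate and its private key into a
# PKCS#12 keystore instead of touching cacerts.
# Assumed names: abc.p12 (output), "client" (alias), P12_PASS (password env var).
# Usage: P12_PASS=... build_p12 abc.cert abc.key abc.p12

# Succeeds only if the certificate's public key matches the private key.
# Catches the common mistake of pairing the cert with the wrong key file.
cert_matches_key() {
  local cert_pub key_pub
  cert_pub=$(openssl x509 -in "$1" -noout -pubkey) || return 1
  key_pub=$(openssl pkey -in "$2" -pubout) || return 1
  [ "$cert_pub" = "$key_pub" ]
}

# Build the PKCS#12 file. The password is read from the environment
# (env:P12_PASS) so it does not show up in the process list, and the
# output file is created readable by the owner only.
build_p12() {
  local cert="$1" key="$2" out="$3"
  cert_matches_key "$cert" "$key" || { echo "cert/key mismatch" >&2; return 1; }
  ( umask 077
    openssl pkcs12 -export -in "$cert" -inkey "$key" \
      -name client -out "$out" -passout env:P12_PASS )
}

# Confirm the bundle opens with the password (integrity check passes).
verify_p12() {
  openssl pkcs12 -in "$1" -passin env:P12_PASS -noout >/dev/null 2>&1
}
```

Point the JVM at the result with -Djavax.net.ssl.keyStore=abc.p12 and -Djavax.net.ssl.keyStoreType=PKCS12, plus javax.net.ssl.keyStorePassword, as the answer describes. A JDK as old as the 1.7.0_51 in the question may fail to open a file written with the default encryption of OpenSSL 3.x; the `-legacy` option of `openssl pkcs12` in 3.x selects the older algorithms.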
