Showing posts with label Certificate. Show all posts
Showing posts with label Certificate. Show all posts

Wednesday, October 14, 2015

How to generate SSL Key, CSR and Self Signed Certificate using OpenSSL.

I have already discussed how to generate SSL certificate using keytool over here. In this article, I am going to explain how can you achieved the same thing using OpenSSL tool.
The three differnet files that I am going to generate i.e. :
  • waheedtechblog.key
  • waheedtechblog.csr
  • waheedtechblog.crt

Generate Private key : waheedtechblog.key

openssl genrsa -des3 -out waheedtechblog.key 1024



Generate a Certificate Signing Request (CSR)

Using above generated key file, We will now create the CSR file

openssl req -new -key waheedtechblog.key -out waheedtechblog.csr



Generate a Self-Signed SSL Certificate

openssl x509 -req -days 365 -in waheedtechblog.csr -signkey waheedtechblog.key -out waheedtechblog.crt



These file can be used to enable SSL in Apache Server.

Sometime, we need to remove passphrase to run key in Apache Server, if you get such issue while enabling SSL in Apache Server then run following command to remove passphrase :

openssl rsa -in waheedtechblog.key -out waheedtechblog_new.key



Your new file is key without encryption.


Thank you..!!!!




Friday, May 24, 2013

How to read certificates using CertificateFactory class

In my previous blog, I have explained how can you create self signed certificate using bouncy castle API and how to import it into keystore.

This tutorial will explain how to read existing certificate file using java.security.cert.CertificateFactory class.


import java.io.File;
import java.io.FileInputStream;
import java.io.FileOutputStream;
import java.security.KeyStore;
import java.security.PublicKey;
import java.security.cert.Certificate;
import java.security.cert.CertificateFactory;

/**
 * Reads the certificate and import into Java keystore.
 *
 * @author abdul
 *
 */
public class ReadCertificateFile {

    /**
     * @param args
     * @throws Exception
     */
    public static void main(String[] args) throws Exception {

        ReadCertificateFile readCertificateFile = new ReadCertificateFile();

        // Path of the certificate file
        FileInputStream fis = new FileInputStream("YOUR_CERTIFICATE.cert");

        /*
         * Returns a CertificateFactory object of the specified certificate
         * type.
         */
        CertificateFactory cf = CertificateFactory.getInstance("X.509");
       
        /*
         * Read the certificate from the specified input stream, and returns it
         * as a Certificate object. It can read certificate in both binary (DER
         * encoded) and printable (RFC standard) formats.
         */
        java.security.cert.Certificate cert = cf.generateCertificate(fis);

        System.out.println();
        System.out.println("Certificate Details: ");
        /*Returns the type of this certificate factory*/
        System.out.println("Type = " + cert.getType());
       
        System.out.println("toString = " + cert.toString());

        PublicKey key = cert.getPublicKey();
        System.out.println();
        System.out.println("PublicKey Object Info: ");
        System.out.println("Algorithm = " + key.getAlgorithm());
        System.out.println("Format = " + key.getFormat());
        System.out.println("toString = " + key.toString());

        // save/import certificate into keystore
        readCertificateFile.saveCert(cert);
    }

    private void saveCert(Certificate cert) throws Exception {
        KeyStore keyStore = KeyStore.getInstance("JKS");
        keyStore.load(null, null);

        // import your certificate into keystore
        keyStore.setCertificateEntry("YOUR_ALIAS_NAME", cert);

        // name of keystore "
        File file = new File(".", "YOUR_KEYSTORE_NAME");
        keyStore.store(new FileOutputStream(file),
                "YOUR_PASSWORD".toCharArray());
    }

}


How TOPT Works: Generating OTPs Without Internet Connection

Introduction Have you ever wondered how authentication apps like RSA Authenticator generate One-Time Passwords (OTPs) without requiring an i...