Shawn and Mark,
On 9/13/23 09:30, Mark Thomas wrote:
> On 13/09/2023 14:00, Shawn Heisey wrote:
>> On 9/12/23 01:06, Thomas Hoffmann (Speed4Trade GmbH) wrote:
>>> I moved away from using the proprietary java keystore format.
>>> I switched to using Base64 PEM format. This is usually also the
>>> format you get from the certificate issuer.
>>> No need to convert it into Java format any more and you can also open
>>> it with any text editor.
>>
>> I have never been able to get a Java program to accept a
>> certificate/key in PEM format. The closest I've been able to come is
>> creating a PKCS12 file with openssl. Annoying because all the other
>> software I use accepts PEM with no problem, and as you have said, PEM
>> is the format generally produced by a CA.
>>
>> How did you get it to take a PEM cert?
>
> Tomcat has supported this for a while. The bulk of the code can be found
> in:
> https://github.com/apache/tomcat/blob/main/java/org/apache/tomcat/util/net/jsse/PEMFile.java

I also have code on GitHub that is very similar.
https://github.com/ChristopherSchultz/pem-utils
The hard part is the wide variety of "private key" formats that are out
there in the wild. Reading a certificate in PEM format from Java is
pretty much a one-liner. But reading a private key in one of the many
possible formats, encodings, encryption strategies, etc. requires miles
and miles of code.
-chris
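
The contrast drawn in the last message, between the certificate "one-liner" and private-key parsing, as an added example; it is not code from Tomcat's PEMFile or from pem-utils. The class and method names are hypothetical, the key reader handles only unencrypted PKCS#8 ("BEGIN PRIVATE KEY") and refuses every other label, and the sample key is a throwaway generated at run time.

```java
import java.io.FileInputStream;
import java.io.InputStream;
import java.security.GeneralSecurityException;
import java.security.InvalidKeyException;
import java.security.KeyFactory;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.PrivateKey;
import java.security.Signature;
import java.security.cert.Certificate;
import java.security.cert.CertificateFactory;
import java.security.spec.PKCS8EncodedKeySpec;
import java.util.Base64;
import java.util.Collection;

public class PemDemo {
    // Certificates: the JDK's X.509 factory accepts PEM input directly.
    static Collection<? extends Certificate> readCerts(InputStream in) throws GeneralSecurityException {
        return CertificateFactory.getInstance("X.509").generateCertificates(in);
    }

    // Private keys: only unencrypted PKCS#8 maps straight onto a JDK KeySpec.
    // PKCS#1 ("RSA PRIVATE KEY"), SEC1 ("EC PRIVATE KEY") and encrypted forms need extra parsing.
    static PrivateKey readPkcs8Key(String pem, String algorithm) throws GeneralSecurityException {
        String header = "-----BEGIN PRIVATE KEY-----", footer = "-----END PRIVATE KEY-----";
        int start = pem.indexOf(header), end = pem.indexOf(footer);
        if (start < 0 || end < start) {
            throw new InvalidKeyException("expected unencrypted PKCS#8 (BEGIN PRIVATE KEY)");
        }
        byte[] der = Base64.getMimeDecoder().decode(pem.substring(start + header.length(), end));
        return KeyFactory.getInstance(algorithm).generatePrivate(new PKCS8EncodedKeySpec(der));
    }

    public static void main(String[] args) throws Exception {
        // Constructed sample: a throwaway EC key, PEM-encoded as PKCS#8.
        KeyPair kp = KeyPairGenerator.getInstance("EC").generateKeyPair();
        String pem = "-----BEGIN PRIVATE KEY-----\n"
            + Base64.getMimeEncoder(64, new byte[] {'\n'}).encodeToString(kp.getPrivate().getEncoded())
            + "\n-----END PRIVATE KEY-----\n";
        // Prove the parsed key is usable: sign with it, verify with the original public key.
        Signature s = Signature.getInstance("SHA256withECDSA");
        s.initSign(readPkcs8Key(pem, "EC")); s.update(pem.getBytes()); byte[] sig = s.sign();
        s.initVerify(kp.getPublic()); s.update(pem.getBytes());
        System.out.println("parsed key verifies: " + s.verify(sig));
        // The same bytes under a different PEM label are refused rather than guessed at.
        try { readPkcs8Key(pem.replace("PRIVATE KEY", "RSA PRIVATE KEY"), "EC"); }
        catch (InvalidKeyException e) { System.out.println("rejected: " + e.getMessage()); }
        // Optional: pass a PEM certificate file path to exercise the certificate reader.
        if (args.length == 1) try (InputStream in = new FileInputStream(args[0])) {
            System.out.println(readCerts(in).size() + " certificate(s) read");
        }
    }
}
```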