search

Prepare the Java KeyStore

hashtag
Import the client key and certificate into a Java KeyStore

The key and certificate must be converted to an intermediate PKCS#12 format:

triangle-exclamation

Take note of the used password.

openssl pkcs12 -export -in COMPANY_NAME_UAT.pem -inkey COMPANY_NAME_UAT.key -out certificate.p12 -name "certificate"

From this new files create a file in JKS format:

keytool -importkeystore -srckeystore certificate.p12 -srcstoretype pkcs12 -destkeystore certs.jks

Expected output:

Importing keystore certificate.p12 to certs.jks...
Enter destination keystore password:
Re-enter new password:
Enter source keystore password:
Entry for alias certificate successfully imported.
Import command completed:  1 entries successfully imported, 0 entries failed or cancelled
circle-exclamation

To ensure compatibility of the generated KeyStore with the target JRE make sure that the keytool command has been distributed with the same major version of Java (e.g. keytool distributed with JDK Java 11, JRE execution environment Java 11).

hashtag
Add the server root CA certificate to the Java KeyStore

To validate the server certificate (https://api.cstar.pagopa.it/ for production, https://api.uat.cstar.pagopa.it/ for UAT) please add the root CA certificate (Let’s Encrypt R3arrow-up-right) to the new KeyStore.

wget -O lets-encrypt-r12.pem https://letsencrypt.org/certs/2024/r12.pem
wget -O lets-encrypt-r13.pem https://letsencrypt.org/certs/2024/r13.pem
wget -O lets-encrypt-e7.pem https://letsencrypt.org/certs/2024/e7.pem
wget -O lets-encrypt-e8.pem https://letsencrypt.org/certs/2024/e8.pem
wget -O lets-encrypt-e7-cross.pem https://letsencrypt.org/certs/2024/e7-cross.pem
wget -O lets-encrypt-e8-cross.pem https://letsencrypt.org/certs/2024/e8-cross.pem


keytool -import -trustcacerts -file "lets-encrypt-r12.pem" -alias lets-encrypt-r12 -keystore certs.jks
keytool -import -trustcacerts -file "lets-encrypt-r13.pem" -alias lets-encrypt-r13 -keystore certs.jks
keytool -import -trustcacerts -file "lets-encrypt-e7.pem" -alias lets-encrypt-e7 -keystore certs.jks
keytool -import -trustcacerts -file "lets-encrypt-e8.pem" -alias lets-encrypt-e8 -keystore certs.jks
keytool -import -trustcacerts -file "lets-encrypt-e7-cross.pem" -alias lets-encrypt-e7-cross -keystore certs.jks
keytool -import -trustcacerts -file "lets-encrypt-e8-cross.pem" -alias lets-encrypt-e8-cross -keystore certs.jks

Enter keystore password:
Certificate was added to keystore

hashtag
Quick reference

Previous03. Configure the Batch ServiceNextInstall the software

Last updated