Ok, one more post aimed at my memory, but that can end up helping others as well 😉
I’ve been playing around with digital certificates in Java, because I’ll have to implement some stuff here that requires secure calls to web services using them.
One of the requirements for the secure connection is that our server trusts the Web Service’s server. To do this we have to, somehow, install a certificate chain provided by the Web Service provider. Sounds pretty simple, but can be a little bit troublesome if you are not familiar with how Java works with digital certificates and also with how to handle the keystore tool that comes with the JVM.
At first, I tried to import the certificate chain using the keystore directly, without success. The chain provided is a .pb7 file, which I discovered later that follows the PKCS #7 format / standard / whatever. Having never dealt with such a file before, I had no idea of what to do with it. I just knew I had to import it in my local (or server, when in production) trusted certificate store. But I couldn’t find the proper parameters to pass to keystore so that it would do the right thing…
I gave up this approach for a while and started to google around for some solution. This is when I found the KeyStore Explorer application. It is a free tool that really helps visualizing digital certificates, both installed and the ones available in specific certificate files. I installed the tool, and with some guessing I found how to visualize the .pb7 file mentioned before. Strangely, I had to do some manual labour to import the chain of certificates: I visualized, one by one, all of the certificates in the chain, and exported each one to .cer files. After that, I opened the trusted store and imported all of those certificates into it. Done.
Of course, this solution is not ideal, but works. The ideal would be to import the chain directly using the keystore tool, which is probably possible, I just could find exactly how. If you do know how to do this, please leave a comment =)