The keytool command is part of the Java 2 JDK release.
Complete documentation can be found at sun-keytool.html.
The keytool command will do most of what you need: listing contents,
setting aliases, adding new trust certificates. The one thing it does
not do is import a key entry, e.g. a cert together with its private
key. There is a class that comes with the Jetty release that we have
used for this. There may be tools in the Sun suite as well.
To convert a DER-format cert to PEM:
openssl x509 -in 'CAcert.der' -inform DER -outform PEM -out 'CAcert.pem'
To import into a keystore:
keytool -import -keystore 'sec-client.jks' -file 'CAcert.pem' -trustcacerts -alias 'CA'
# NOTE:
# Both the cert and the private key need to be in the keystore, and
# both need to be in PEM format, so if either is in DER format convert it to PEM first.
# Use openssl to make ONE pkcs12 file (combining both cert & private key):
openssl pkcs12 -inkey 'jason.key.pem' -in 'jason.cert.pem' -export -out 'jason.pkcs12'
# use jetty to load it (from http://jetty.mortbay.org/)
# with jetty-6.0.2 the command is
java -cp org.mortbay.jetty-6.0.2.jar org.mortbay.jetty.security.PKCS12Import 'jason.pkcs12' 'sec-client.jks'
Now to rename the alias use:
keytool -keyclone -alias 1 -dest 'jason' -keystore 'sec-client.jks'
keytool -delete -alias 1 -keystore 'sec-client.jks'
Then to import the DOEGrids CA cert:
keytool -import -keystore 'sec-client.jks' -file 'doeGridsCA.pem' -trustcacerts -alias 'DOEGridsCA'
keytool -import -keystore 'sec-client.jks' -file 'esnetRoot.pem' -trustcacerts -alias 'esnetRoot'
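The PKCS12 import and alias-rename steps above can also be done in one pass with the JDK's own java.security.KeyStore API. This is an added example, not code from this page or from Jetty; the class name Pkcs12ToJks is an assumption, and both passwords are read from the console rather than from the command line.

```java
import java.io.*;
import java.security.KeyStore;
import java.util.Collections;

// Added example; the class name Pkcs12ToJks is hypothetical.
// Copies the private key and cert chain from a PKCS12 file into a JKS
// keystore under the alias given on the command line.
public class Pkcs12ToJks {
    public static void main(String[] args) throws Exception {
        if (args.length != 3) {
            System.err.println("usage: java Pkcs12ToJks <in.pkcs12> <keystore.jks> <alias>");
            System.exit(2);
        }
        // Passwords given as arguments would show up in the process list.
        Console console = System.console();
        if (console == null) throw new IllegalStateException("no console to read passwords from");
        char[] p12Pass = console.readPassword("PKCS12 password: ");
        char[] jksPass = console.readPassword("Keystore password: ");

        KeyStore p12 = KeyStore.getInstance("PKCS12");
        try (InputStream in = new FileInputStream(args[0])) {
            p12.load(in, p12Pass);
        }
        // Open the existing keystore, or start an empty one if the file is absent.
        KeyStore jks = KeyStore.getInstance("JKS");
        File jksFile = new File(args[1]);
        if (jksFile.exists()) {
            try (InputStream in = new FileInputStream(jksFile)) {
                jks.load(in, jksPass);
            }
        } else {
            jks.load(null, jksPass);
        }
        // Refuse to overwrite an entry that is already there.
        if (jks.containsAlias(args[2])) throw new IllegalStateException("alias exists: " + args[2]);

        // Take the first PKCS12 entry that carries a private key and a cert chain.
        for (String a : Collections.list(p12.aliases())) {
            if (!p12.isKeyEntry(a) || p12.getCertificateChain(a) == null) continue;
            jks.setKeyEntry(args[2], p12.getKey(a, p12Pass), jksPass, p12.getCertificateChain(a));
            try (OutputStream out = new FileOutputStream(jksFile)) {
                jks.store(out, jksPass);
            }
            return;
        }
        throw new IllegalStateException("no private key entry in " + args[0]);
    }
}
```

With the file names used above, this would be run as: java Pkcs12ToJks 'jason.pkcs12' 'sec-client.jks' 'jason'. From JDK 6 onward, keytool itself can also do this step with -importkeystore and -srcstoretype PKCS12.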