What I'm planning to do is writing a client-server application that uses a SSL (TLS) connection to exchange data.
As the client is downloadable and I can not guarantee access to the keystore I'm looking for a way to import certificates at runtime.
What I need:
- A way to import the server's public key/certificate into the client application
- A way to import the server's private key/certificate into the server application
What I found out so far:
// load the server's public crt (pem), exported from a https website
CertificateFactory cf = CertificateFactory.getInstance("X509");
X509Certificate cert = (X509Certificate)cf.generateCertificate(new
FileInputStream("C:\\certificate.crt"));
// load the pkcs12 key generated with openssl out of the server.crt and server.key (private) (if the private key is stored in the pkcs file, this is not a solution as I need to ship it with my application)
KeyStore ks = KeyStore.getInstance("PKCS12");
ks.load(new FileInputStream("C:\\certificate.pkcs"), "password".toCharArray());
ks.setCertificateEntry("Alias", cert);
TrustManagerFactory tmf = TrustManagerFactory.getInstance("SunX509");
tmf.init(ks);
KeyManagerFactory kmf = KeyManagerFactory.getInstance("SunX509");
kmf.init(ks, "password".toCharArray());
// create SSLContext to establish the secure connection
SSLContext ctx = SSLContext.getInstance("TLS");
ctx.init(kmf.getKeyManagers(), tmf.getTrustManagers(), null);
This does not work for me as I'm getting an error:
java.security.KeyStoreException: TrustedCertEntry not supported at ks.setCertificateEntry("Alias", cert);
Also, I think pkcs12 is used to store private keys which is not what I want.
I'm new to java and I'm really stuck with that problem now.
Thanks in advance,
Kazuo