keystore

问题 My java application uses a keystore file in which I have a certificate which is used in ssl connection with active directory server. What I have to do is to check its expiration date and prompt user if its close to expire. I have to do it while my application starts. My idea is to use external program: keytool to display info about certain certificate in the keystore and then do some parsing operations on a string which keytool outputs to find this validation date. Here's the output of a

问题 I have created and downloaded a certificate from sales force, as per the instructions in PicketLink document. I downloaded the certificate and its name is mysample.crt and I imported the certificate into a keysotre. keytool -import -file mysample.crt -keystore keystore.jks -alias salesforce-idp To check, I exported the public key also keytool -export -alias salesforce-idp -keystore keystore.jks -rfc -file public.cert I have a Java code to get the Public Key, but it is not working. This is my

问题 I have a public certificate from a CA. I want to create a Java SSL connection using this certificate. I referred How can I use different certificates on specific connections? and Java SSL connection with self-signed certificate without copying complete keystore to client. From this I understand that I need to import the certificate into a keystore. However I haven't received any keystore from the CA. I created a keystore and tried to import the public certificate to it. But then I get the

问题 I'm having issues with the https connection to a server with a self signed certificate on devices < api 19. I followed this guide published by android for trusting self-signed certifcates Android SSL and it seems to work fine with all the api>19 devices i tested. How ever i keep getting the "Trust anchor for certification path not found" error on pre 19. I've created the keystore using keytool and doesn't seem to be the problem because is working on some devices. This is my code: URL url_uri

问题 In a Java 1.7 app running on Windows 7, I'm trying to do 2-way SSL with a server (a smartcard token is providing my client certs via openSC). The server's certificate is getting verified by the client just fine, but the client doesn't respond to the server's certificate request. I believe it's because the the client isn't able to make a chain from my certificate to one of the ones requested by the server (even though such a chain exists). Here's the SSL debug of the server's Certificate

问题 Mac OS X has the CA keystore in /System/Library/Frameworks/JavaVM.framework/Home/lib/security/cacerts. This keystore seems to be overwritten by every Java update, which is very annoying since we have internal CAs for development environments, testing… Is there a way to preserve keystore changes across Apple JSRs, and now, with Snow Leo JSR3, also across updates for the separate Java developer packages (whose JDKs use the same keystore)? 回答1: [ This is outdated info - see the answer below for

问题 I want to generate a RSA keypair in the Android Keystore. Since Android 4.3 is should be possible to generate RSA keys in the Android system Keystore. I generate my RSA key by (works fine) Calendar notBefore = Calendar.getInstance(); Calendar notAfter = Calendar.getInstance(); notAfter.add(1, Calendar.YEAR); KeyPairGeneratorSpec spec = new KeyPairGeneratorSpec.Builder(ctx) .setAlias("key") .setSubject( new X500Principal(String.format("CN=%s, OU=%s", "key", ctx.getPackageName())))

问题 I am interested in applying a SHA-1 hash with RSA signature to some data, but I need to do it in two steps - apply hash first and then sign the data. The Signature.sign() function appears to create a more complex (ASN.1?) data structure that is ultimately signed (see this question). How can I make the two equivalent without using any external libraries like BouncyCastle? Apply hash and sign in single step with Signature: PrivateKey privatekey = (PrivateKey) keyStore.getKey(alias, null); ...

问题 I am interested in applying a SHA-1 hash with RSA signature to some data, but I need to do it in two steps - apply hash first and then sign the data. The Signature.sign() function appears to create a more complex (ASN.1?) data structure that is ultimately signed (see this question). How can I make the two equivalent without using any external libraries like BouncyCastle? Apply hash and sign in single step with Signature: PrivateKey privatekey = (PrivateKey) keyStore.getKey(alias, null); ...

问题 Tried the basic location retriever code (shown below) String uri = "https://management.core.windows.net/"; String subscriptionId = "XXXXXXXX-5fad-XXXXXX-9dfa-XXXXXX"; String keyStoreLocation = "D:\\test.jks"; String keyStorePassword = "123456"; Configuration config = ManagementConfiguration.configure( new URI(uri), subscriptionId, keyStoreLocation, // the file path to the JKS keyStorePassword, // the password for the JKS KeyStoreType.jks // flags that I'm using a JKS keystore );