Monday, December 22, 2008

Managing keystores, keys and certificates

There are times when you have to deal with keystores and certificates in different formats.
In a typical infrastructure, we deal with different entities such as load balancers, web servers like Apache, and Java web/app servers like Tomcat, WebLogic and Oracle app server.
Each of these supports a limited set of formats/extensions.
For example:
WebLogic and Tomcat only understand Java keystores (JKS), while Oracle only understands the PKCS12 format through its Wallet Manager (a repository for certificates, analogous to a Java keystore).
We have command-line utilities such as Java keytool to deal with Java keystores, and OpenSSL (commonly used with Apache servers).
We also have GUI tools to deal with certificate repositories.

KeyTool IUI:
This is a GUI for the Java keytool utility. It requires JDK 1.6.0 or above.
It supports most of the prominent keystore formats, such as JKS (.jks, .ks), JCEKS (.jce) and PKCS12 (.p12, .pfx), and most certificate formats, such as DER (.crt, .cer), PKCS7 (.p7b), PEM (.pem) and PKCS10 (.p10).
This tool handles most format conversions.
For example:
We can convert a key pair in PKCS12 to JKS and vice versa, sign a file with a private key, verify a signed file, etc.
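The formats listed above can be told apart by their leading bytes rather than by file extension, which is worth checking before choosing a conversion. This is an added example, not from the original post or from KeyTool IUI; the function names and the sample byte strings are constructed for illustration.

```python
import re

# OID prefix 1.2.840.113549.1.7.x (PKCS#7 content types), DER-encoded
PKCS7_OID_PREFIX = bytes.fromhex("06092a864886f70d0107")

def _der_body(data: bytes):
    """Return the bytes following an outer DER SEQUENCE header, or None."""
    if len(data) < 2 or data[0] != 0x30:
        return None
    if data[1] < 0x80:                 # short-form length
        return data[2:]
    n = data[1] & 0x7F                 # long form: n length bytes follow
    if n == 0 or n > 4 or len(data) < 2 + n:
        return None
    return data[2 + n:]

def sniff(data: bytes) -> str:
    """Guess the container format from leading bytes, ignoring the extension."""
    if data[:4] == b"\xfe\xed\xfe\xed":
        return "JKS"
    if data[:4] == b"\xce\xce\xce\xce":
        return "JCEKS"
    m = re.search(rb"-----BEGIN ([A-Z0-9 ]+)-----", data[:4096])
    if m:
        return "PEM: " + m.group(1).decode()
    body = _der_body(data)
    if body is None:
        return "unknown"
    if body[:4] == b"\x02\x01\x03\x30":        # PFX: version 3, then authSafe
        return "PKCS12"
    if body[:10] == PKCS7_OID_PREFIX:          # ContentInfo starts with its OID
        return "PKCS7"
    inner = _der_body(body) or b""
    if inner[:1] == b"\xa0":                   # explicit [0] version tag
        return "DER X.509 certificate"
    if inner[:4] == b"\x02\x01\x00\x30":       # version 0, then subject Name
        return "DER PKCS10 request"
    return "DER (unrecognised)"

# Constructed sample headers (truncated; not real key material)
SAMPLES = {
    "server.p12": bytes.fromhex("30820a00020103308209c6"),
    "renamed.p12": b"\xfe\xed\xfe\xed\x00\x00\x00\x02\x00\x00\x00\x01",
    "chain.p7b": bytes.fromhex("3082010006092a864886f70d010702"),
    "site.cer": bytes.fromhex("3082030030820200a003020102"),
    "site.crt": b"-----BEGIN CERTIFICATE-----\nMIIB\n",
}

if __name__ == "__main__":
    for name, blob in SAMPLES.items():
        print(f"{name:12} -> {sniff(blob)}")
```

The `renamed.p12` sample is a JKS header behind a PKCS12 extension, the kind of mismatch that makes a server reject a store it should otherwise accept.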



Portecle
Portecle is another user-friendly GUI application for creating, managing and examining keystores, keys, certificates, certificate requests, certificate revocation lists and more.
It is capable of performing a similar set of tasks, though with somewhat less functionality than KeyTool IUI provides.



Reference http://www.startux.de/index.php/java/44-dealing-with-java-keystores
