Android SSL BKS Certificate generation, and the conversion of PFX to JKS certificate

Last Update:2015-02-09 Source: Internet

Author: User

Tags aliases pkcs12

Developer on Alibaba Coud: Build your first app with APIs, SDKs, and tutorials on the Alibaba Cloud. Read more ＞

I. Android SSL BKS certificate generation process

　　1. Generate the server JKS certificate:

Keytool-genkey-alias Peer-keystore Peer.jks

　　2. Export the CERT certificate:

Keytool-exportcert-alias peer-file Peer.cert-keystore Peer.jks

　　3. Build the Android client BKS certificate

Need to use Bcprov-ext-jdk15on-151.jar, official website: http://www.bouncycastle.org/latest_releases.html

Put the jar package into the%java_home%\jre\lib\security

Keytool-importcert-keystore peer.bks-file Peer.cert-storetype Bks-provider Org.bouncycastle.jce.provider.BouncyCastleProvider

Two. pfx and JKS certificate conversion

　　Tool class:

Import Java.io.FileInputStream;
Import Java.io.FileOutputStream;
Import Java.security.Key;
Import Java.security.KeyStore;
Import Java.security.cert.Certificate;
Import java.util.Enumeration;

public class Certificateconvertutil {

public static final String PKCS12 = "PKCS12";
public static final String JKS = "JKS";

/**
* PKCS12 Turn JKs
* @param input_keystore_file PKCS12 Certificate Path
* @param keystore_password PKCS12 certificate keystore password
* @param ouput_keystore_file JKS Certificate Path
*/
public static void Pkcs12tojks (String input_keystore_file,
String Keystore_password, String ouput_keystore_file) {
try {
KeyStore Inputkeystore = keystore.getinstance (PKCS12);
FileInputStream fis = new FileInputStream (input_keystore_file);

char[] Npassword = null;
if ((Keystore_password = = null)
|| Keystore_password.trim (). Equals ("")) {
Npassword = null;
} else {
Npassword = Keystore_password.tochararray ();
}

Inputkeystore.load (FIS, Npassword);
Fis.close ();

System.out.println ("KeyStore type=" + inputkeystore.gettype ());

KeyStore Outputkeystore = keystore.getinstance (JKS);

Outputkeystore.load (null, Npassword);

Enumeration enums = Inputkeystore.aliases ();
while (Enums.hasmoreelements ()) {

String Keyalias = (string) enums.nextelement ();
System.out.println ("alias=[" + Keyalias + "]");

if (Inputkeystore.iskeyentry (Keyalias)) {
Key key = Inputkeystore.getkey (Keyalias, Npassword);
certificate[] Certchain = Inputkeystore
. Getcertificatechain (Keyalias);
Outputkeystore.setkeyentry (Keyalias, Key, Npassword,
Certchain);
}
FileOutputStream out = new FileOutputStream (ouput_keystore_file);
Outputkeystore.store (out, Npassword);
Out.close ();
Outputkeystore.deleteentry (Keyalias);

System.out.println ("Convert is finished!");
}
} catch (Exception e) {
E.printstacktrace ();
}
}

/**
* JKs Turn PKCS12
* @param input_keystore_file JKS Certificate Path
* @param keystore_password JKS certificate keystore password
* @param ouput_keystore_file PKCS12 Certificate Path
*/
public static void JKSToPKCS12 (String input_keystore_file,
String Keystore_password, String ouput_keystore_file) {
try {
KeyStore Inputkeystore = keystore.getinstance (JKS);
FileInputStream fis = new FileInputStream (input_keystore_file);

char[] Npassword = null;
if ((Keystore_password = = null)
|| Keystore_password.trim (). Equals ("")) {
Npassword = null;
} else {
Npassword = Keystore_password.tochararray ();
}

Inputkeystore.load (FIS, Npassword);
Fis.close ();

System.out.println ("KeyStore type=" + inputkeystore.gettype ());

KeyStore Outputkeystore = keystore.getinstance (PKCS12);

Outputkeystore.load (null, Npassword);

Enumeration enums = Inputkeystore.aliases ();
while (Enums.hasmoreelements ()) {
 
String Keyalias = (string) enums.nextelement ();
System.out.println ("alias=[" + Keyalias + "]");

if (Inputkeystore.iskeyentry (Keyalias)) {
Key key = Inputkeystore.getkey (Keyalias, Npassword);
certificate[] Certchain = Inputkeystore
. Getcertificatechain (Keyalias);
Outputkeystore.setkeyentry (Keyalias, Key, Npassword,
Certchain);
}
FileOutputStream out = new FileOutputStream (ouput_keystore_file);
Outputkeystore.store (out, Npassword);
Out.close ();
Outputkeystore.deleteentry (Keyalias);

System.out.println ("Convert is finished!");
}
} catch (Exception e) {
E.printstacktrace ();
}
}

}

　　When you use the tool class to convert, the certificate alias is output to the console.

Test code:

 Public Static void Main (string[] args) {        Certificateconvertutil.pkcs12tojks ("d:/peer.pfx", "123456", "D:/peer.jks");    }

Android SSL BKS Certificate generation, and the conversion of PFX to JKS certificate

This article is an English version of an article which is originally in the Chinese language on aliyun.com and is provided for information purposes only. This website makes no representation or warranty of any kind, either expressed or implied, as to the accuracy, completeness ownership or reliability of the article or any translations thereof. If you have any concerns or complaints relating to the article, please send an email, providing a detailed description of the concern or complaint, to info-contact@alibabacloud.com. A staff member will contact you within 5 working days. Once verified, infringing content will be removed immediately.

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

Get Started for Free

Sales Support

1 on 1 presale consultation

Chat Contact Sales
After-Sales Support

24/7 Technical Support 6 Free Tickets per Quarter Faster Response

Open a Ticket
Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.

Learn More