On 23/07/18 11:56, Dr P Nyirenda wrote:
Good morning,
I have a new registrar that is trying to use Java for EPP connections to our .mw FRED server and they are having a problem on how to use SSL digital keys and SSL certificates in their Java EPP client.
They want to import the SSL private key and digital certificate into their Java EPP client.

The e-mail address of the registrar is domain(a)idcicp.com and their skype IP is slowturtlej

As of now they are trying something like the following:
openssl pkcs12 -export -clcerts -in topnets.cert.pem -inkey topnets.key.pem -out clientuser.p12
keytool -importkeystore -srckeystore clientuser1p12 -srcstoretype PKCS12 -deststoretype JKS -destkeystore ServerKeystore.jks
Let me know if you can help and please, if you can, also communicate to them directly on the above address and skype ID.
Regards,
Paulos
Greetings
Before all, make them aware that this is not working like HTTPS, but both parties are sending SSL* encrypted data. So they need not only to accept FRED's (CA) certificate, but also encrypt traffic going from them to FRED.
Assuming you have custom certificates from FRED...
First they can convert FRED's CA cert to X.509 format:
openssl x509 -in cacert.pem -out cacert.cer
Then import the X.509 certificate into the trusted cacerts for Java:
keytool -keystore /path/to/cacerts -storepass changeit -import -alias youralias -file /path/to/cacert.cer
Then they need to create this p12 keystore with their cert and priv key.
Check the relevant section in https://docs.oracle.com/cd/E19509-01/820-3503/6nf1il6er/index.html, if the commands sent by them don't work.
The important part is to make their programme use that keystore ;-)
HTH.
Best regards
Piotr
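
Added example, not part of the messages above and not FRED's or the registrar's own code: one way a Java client can be made to use the keystore, presenting the client certificate from clientuser.p12 and trusting the store that FRED's CA was imported into. The host name, port 700, the EPP_P12_PASS environment variable and the class name are assumptions; the file names and store password are the ones used in the thread.

```java
import javax.net.ssl.*;
import java.io.DataInputStream;
import java.io.File;
import java.nio.charset.StandardCharsets;
import java.security.KeyStore;

public class EppMutualTlsClient {
    // Context that presents the client key pair and validates the server
    // against the CA certificates held in the supplied trust store.
    static SSLContext buildContext(KeyStore identity, char[] keyPass, KeyStore trust) throws Exception {
        KeyManagerFactory kmf = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
        kmf.init(identity, keyPass);
        TrustManagerFactory tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init(trust);
        SSLContext ctx = SSLContext.getInstance("TLS");
        ctx.init(kmf.getKeyManagers(), tmf.getTrustManagers(), null);
        return ctx;
    }

    public static void main(String[] args) throws Exception {
        // Assumed placeholder host; pass the registry's EPP host as the first argument.
        String host = args.length > 0 ? args[0] : "epp.registry.example";
        // Assumed: PKCS12 password supplied via environment, not hard-coded.
        String p12Pass = System.getenv("EPP_P12_PASS");
        if (p12Pass == null) throw new IllegalStateException("set EPP_P12_PASS");

        // KeyStore.getInstance(File, char[]) needs Java 9+ and detects PKCS12 or JKS itself,
        // so the .p12 can be used directly without converting it to JKS.
        KeyStore identity = KeyStore.getInstance(new File("clientuser.p12"), p12Pass.toCharArray());
        KeyStore trust = KeyStore.getInstance(new File("/path/to/cacerts"), "changeit".toCharArray());
        SSLContext ctx = buildContext(identity, p12Pass.toCharArray(), trust);

        // Port 700 is the IANA-registered EPP port (assumed to be the one in use here).
        try (SSLSocket s = (SSLSocket) ctx.getSocketFactory().createSocket(host, 700)) {
            SSLParameters p = s.getSSLParameters();
            p.setEndpointIdentificationAlgorithm("HTTPS"); // also check the certificate's host name
            s.setSSLParameters(p);
            s.startHandshake(); // fails here if either side rejects the other's certificate

            // EPP over TCP (RFC 5734): 4-byte big-endian length that includes itself, then XML.
            DataInputStream in = new DataInputStream(s.getInputStream());
            int total = in.readInt();
            if (total < 4 || total > (1 << 20)) throw new IllegalStateException("bad EPP frame length " + total);
            byte[] xml = new byte[total - 4];
            in.readFully(xml);
            System.out.println(new String(xml, StandardCharsets.UTF_8)); // server <greeting>
        }
    }
}
```

Running with -Djavax.net.debug=ssl:handshake shows whether the client certificate was actually sent, which is the usual point of failure when the keystore is not wired in.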