I have a question about SSL when using CAS in Liferay.

I have generated the certificate using OpenSSL (I followed this tutorial) on my CAS server and now I would like to import the certificate using keytool on the Liferay machine. To import the certificate with keytool I use this command:

keytool -import -alias tomcatLiferay -file /myopensslcertificate.crt

But when I import the .crt certificate file and check the CAS connection, I get the message: SSL Error. If I try to generate the certificate using keytool (keytool -genkey...) on the CAS server and I import this certificate using keytool -import ..., I can connect to the CAS server and I do not see any errors. I think that I am using a wrong way to generate the certificate with openssl or a wrong way to import the certificate (generated with openssl) with keytool.

Safari

1 Answer

The Java keytool does not fully support PEM-encoded (ASCII) certificate files. You could convert it to a DER-encoded (binary) certificate by issuing:

openssl x509 -in <pem certificate file> -inform PEM \
    -out <der certificate file> -outform DER

After converting the certificate to a supported format the keytool import should work.

keytool -import -trustcacerts -alias <your alias> \
    -file <der certificate file> -keystore <keystore-file>

This blog post describes it in detail
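
A check to run alongside the conversion and import above, as an added example that is not part of the original answer: it extracts the DER bytes from a PEM or DER file and computes the SHA-256 fingerprint in the colon-separated form that `keytool -list -v` and `openssl x509 -fingerprint -sha256` print, so the imported entry can be compared with the certificate from the CAS server. The function names and the sample bytes (a tiny ASN.1 stand-in, not a real certificate) are constructed for illustration.

```python
import base64
import hashlib
import re

# Matches the base64 body of the first PEM certificate block in a file.
PEM_BLOCK = re.compile(
    rb"-----BEGIN CERTIFICATE-----\s*(.+?)\s*-----END CERTIFICATE-----",
    re.DOTALL,
)


def to_der(data: bytes) -> bytes:
    """Return the DER bytes of the first certificate in data (PEM or DER)."""
    match = PEM_BLOCK.search(data)
    if match:
        # PEM: decode the body; any text dump before BEGIN is ignored.
        body = b"".join(match.group(1).split())
        der = base64.b64decode(body, validate=True)
    else:
        der = data
    # An X.509 certificate is an ASN.1 SEQUENCE, so its DER starts with 0x30.
    if not der.startswith(b"\x30"):
        raise ValueError("input is neither a PEM nor a DER certificate")
    return der


def sha256_fingerprint(data: bytes) -> str:
    """SHA-256 of the DER encoding as colon-separated upper-case hex."""
    digest = hashlib.sha256(to_der(data)).hexdigest().upper()
    return ":".join(digest[i:i + 2] for i in range(0, len(digest), 2))


# Constructed sample: a minimal ASN.1 SEQUENCE standing in for certificate
# bytes, and the same bytes as PEM preceded by text-dump lines.
SAMPLE_DER = bytes.fromhex("3003020101")
SAMPLE_PEM = (
    b"Certificate:\n    Data: (human-readable dump)\n"
    b"-----BEGIN CERTIFICATE-----\n"
    + base64.encodebytes(SAMPLE_DER)
    + b"-----END CERTIFICATE-----\n"
)

if __name__ == "__main__":
    # Both encodings must yield the same fingerprint.
    print("PEM:", sha256_fingerprint(SAMPLE_PEM))
    print("DER:", sha256_fingerprint(SAMPLE_DER))
```
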