Creating .p12 truststore with openssl

by

A possible explanation for this behaviour:

The standard PKCS#12 provider up to Java 7 did not allow trusted
certificate entries at all. The JSSE Reference Guide says this:

Storing trusted certificates in a PKCS12 keystore is not supported.
PKCS12 is mainly used to deliver private keys with the associated
certificate chains. It does not have any notion of “trusted”
certificates. In terms of interoperability, other PKCS12 vendors have
the same restriction. Browsers such as Mozilla and Internet Explorer
do not accept a PKCS12 file with only trusted certificates.

This has changed a bit in Java 8, which supports trusted certificates
in PKCS#12 – if they are marked with a special attribute (OID
2.16.840.1.113894.746875.1.1):

openssl pkcs12 -in microsoft.p12 -info
MAC Iteration 1024
MAC verified OK
PKCS7 Encrypted data: pbeWithSHA1And40BitRC2-CBC, Iteration 1024
Certificate bag
Bag Attributes
    friendlyName: microsoft it ssl sha2 (baltimore cybertrust root)
    2.16.840.1.113894.746875.1.1: <Unsupported tag 6>

Source:

More Related Contents:

  1. SSL Connection Reset
  2. Generate certificates, public and private keys with Java [closed]
  3. How to use .key and .crt file in java that generated by openssl?
  4. How can I use different certificates on specific connections?
  5. Java: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
  6. How are SSL certificate server names resolved/Can I add alternative names using keytool?
  7. Why does SSL handshake give ‘Could not generate DH keypair’ exception?
  8. How to decrypt file in Java encrypted with openssl command using AES?
  9. Problems using Maven and SSL behind proxy
  10. How to read .pem file to get private and public key
  11. javax.net.ssl.SSLException: Received fatal alert: protocol_version
  12. Load RSA public key from file
  13. javax.net.ssl.SSLHandshakeException: Remote host closed connection during handshake during web service communicaiton
  14. How to programmatically set the SSLContext of a JAX-WS client?
  15. Keystore type: which one to use?
  16. java – ignore expired ssl certificate
  17. Java SSL: how to disable hostname verification
  18. javax.net.ssl.SSLHandshakeException: java.security.cert.CertPathValidatorException: Trust anchor for certification path not found
  19. Problems connecting via HTTPS/SSL through own Java client
  20. How to enable SSL 3 in Java
  21. Choosing SSL client certificate in Java
  22. How to convert certificate from PEM to JKS?
  23. How do I run my application as superuser from Eclipse?
  24. Java SSLHandshakeException: no cipher suites in common
  25. Java and SSL – java.security.NoSuchAlgorithmException
  26. java.security.cert.CertificateException: Certificates does not conform to algorithm constraints
  27. Java: Loading SSL Keystore via a resource
  28. SNI client-side mystery using Java8
  29. Ignore self-signed ssl cert using Jersey Client [duplicate]
  30. Java HttpsURLConnection and TLS 1.2

Leave a Comment