Monday, February 11, 2008

Converting keystores between JKS and P12

Johan dug up these keytool commands, that works with JDK6 and onwards (not in JDK5 and earlier).

JKS → P12
keytool -importkeystore -srckeystore keystore.jks -srcstoretype JKS -deststoretype PKCS12 -destkeystore keystore.p12

P12 → JKS
keytool -importkeystore -srckeystore keystore.p12 -srcstoretype PKCS12 -deststoretype JKS -destkeystore keystore.jks

I recently retested the p12 to jks conversion on Java 7u79, converting a superadmin.p12 keystore from EJBCA to JKS. Still works!

If you need a CA software that can generate both JKS, P12 or PEM keystores directly so you don't have to convert. Take a look at EJBCA Community, or it's supported big brother EJBCA Enterprise.

Using Websphere and WAS under Ubuntu Linux

Some notes about using Websphere ND and RAD under Ubuntu Linux 7.10.

Because Ubuntu uses dash as the default shell (/bin/sh is a link to /bin/dash not /bin/bash) and websphere installation
too requires bash, although it erroneously uses /bin/sh you have two options:
  • Change the link /bin/sh to /bin/bash instead of /bin/dash.
  • Change /bin/sh to /bin/bash in the websphere shell scripts.
To change to websphere shell scripts you can use the following command, that I found on the web (replace paths to meet you installation):
sudo perl -p -i -e "s/\/sh$/\/bash/" /opt/IBM/WebSphere/AppServer/bin/*.sh

To install Rational Applicaton Developer (RAD v7) on a recent Ubuntu you need to
specify some options to java, or your java gui windows will be completely
blank, making it hard to to any installation :-).
To make it work, simply set this environment variable before running
the installer:
export IBM_JAVA_OPTIONS=-Dawt.toolkit=sun.awt.motif.MToolkit

EJBCA PKI blog

Here I will post mostly technical stuff happening during development of EJBCA (http://ejbca.org). This will work like a memory bank for me, and a place for others to find stuff that I have struggled with, or compiled from various sources in the internet.

Welcome!