Skip to main content

Generating JKS Keystore for SSL/TLS

I have done this and forgotten how to do this too many times... so here are some quick references for myself.

 https://stackoverflow.com/questions/11952274/how-can-i-create-keystore-from-an-existing-certificate-abc-crt-and-abc-key-fil

or... this:

openssl pkcs12 -export -in <CRT_FILE>.crt -inkey <KEY_FILE>.key -out <OUTPUT_P12_FILE>.p12

 keytool -importkeystore -srckeystore <OUTPUT_P12_FILE_FROM_ABOVE>.p12 -srcstoretype PKCS12 -destkeystore <KEYSTORE_FILE_NAME>.jks -deststoretype JKS

Comments

Post a Comment

Popular posts from this blog

JHipster, Liquibase, MySQL, and initializing data, including booleans!

When generating a data model from JHipster JDL, we will often declare entities with Boolean fields.  I have so far abandoned H2 as a database because of liquibase issues, and both my dev and production databases will be MySQL.  This is relevant to the Boolean field desire there is a long history in software development of how to store Boolean data types in a SQL database whose standards classically do not support Boolean. In the current JHipster/Liquibase incarnation, tables in MySQL are generated for us, which is really nice.  The Boolean data types are stored as BIT  (1).  This is not a problem so far -- most developers seem to agree now that as a best practice, we should store values in databases as false = 0 and true = 1, and a BIT(1) is a great, simple way to do that. An issue arises when we try to use liquibase to set/update our database to the desired starting state.  For my project, I've chosen gradle instead of maven as a build tool, and gradle has a plugin for liquiba
Post a Comment
Read more

Deploying Spring Boot talking to MySQL on AWS

In a recent post, I listed some very basic information about running a MySQL database on AWS.  In most cases, we don't want a database alone; we want an application that uses that database for CRUD. I've created a simple Spring Boot application that exposes a REST API to create and manage lists of things.  The list values are all stored in a MySQL database. When I went to deploy the application on AWS using Elastic Beanstalk, there were some really good, automatic things that happened to make my life easy: AWS can deploy a Spring Boot jar very easily by simply uploading the jar during setup. AWS creates security groups on the fly so I don't have to worry about extra security configuration. AWS automatically generates DNS information and provides me a URL for accessing the application. As I deployed the application and saw all of these things, I was pretty excited.  It is nice to have a lot of this stuff taken care of for me. Then, I tried to test my applica
Post a Comment
Read more

Spring Security - Authority vs Role

I have spent a lot of time recently trying to understand the difference between Authority and Role in Spring Security.  This is a brief review of what I found. When creating a UserDetailsService or overriding configure(AuthenticationManagerBuilder auth) in the security config class that extends WebSecurityConfigurerAdapter, I basically get complete control over what I populate inside of the UserDetails that is used/returned.  This is important because the UserDetails interface really only cares about how to return one thing: Collection<? extends GrantedAuthority> getAuthorities(); A GrantedAuthority just seems like a glorified String wrapper that names some thing.  The question is... what is that thing? This is where the subtle difference between Authority and Role comes into play. I think that Role is an older thought/construct that automatically gets plugged into Authority if we just create a user with a Role.  But completely forget about the code and classes for a mi
Post a Comment
Read more