O
O
oleg_sidorenkov2015-06-16 15:23:47
Digital certificates
oleg_sidorenkov, 2015-06-16 15:23:47

How to create a chain of certificates?

Comrades, I ran into a problem when adding certificates to the storage for authorization on the server where the http request is sent. The essence of this is 3 certificates, from the client to the root server, where the request will be sent. For authorization, you need to substitute all these certificates at once. A Java application, at the time of an authorization request, searches the java kestore for a certificate that matches the request. It turns out that you need to somehow create a chain of certificates that looked like a hierarchy from client to server.
I can only use keytool to add a certificate to the store:
keytool -import -trustcacerts -alias ca1 -file ca1.crt -keystore server.jks The
only question is how to build a chain.
OS: Gentoo(Linux)

Answer the question

In order to leave comments, you need to log in

2 answer(s)
O
oleg_sidorenkov, 2015-06-18
@oleg_sidorenkov

I saw this as a solution on other publics, but went the other way:
1. Using a text editor:
a. open files
b. create a new document
c. copy into a new document the contents of each of the files in the sequence: reseller certificate 1, reseller certificate 2, reseller certificate 3, root certificate
d. save the file
to something should look like:
----- the BEGIN CERTIFICATE -----
MIICBzCCAXACCQDBBdYCGkYdkDANBgkqhkiG9w0BAQUFADBIMS owKAYJKoZIhvcN
AQkBFht3ZWJtYXN0ZXJAYmlsbG1ncnNlcnZlci5jb20xGjAYBg NVBAMTEWJpbGxt
Z3JzZXJ2ZXIuY29tMB4XDTEzMDQxNDE2MzgyNloXDTIzMDQxMj E2MzgyNlowSDEq
MCgGCSqGSIb3DQEJARYbd2VibWFzdGVyQGJpbGxtZ3JzZXJ2ZX IuY29tMRowGAYD
EFAAOBjQAwgYkC VQQDExFiaWxsbWdyc2VydmVyLmNvbTCBnzANBgkqhkiG9w0BAQ
gYEA00K2OIK5rsHToFmv2lqAPsmQs3BYKhADm7sC69FqIUWQtf EzGNa24Wts / SAp 7tjPWb7couX0
6pekekc6lfJitUd27M2yhblzpF3eYIhAT5o7F + X / K54S3B4vT7Ky
WXC7I1LXC9xAHnErhpIc97wPS7R0IKQ8J5rWdsaOdYx79s0CAw EAATANBgkqhkiG
9w0BAQUFAAOBgQArdad2hqOORfYeV0xcbFSyLkVHVgeuF9ulBo E7qsd777ylBySi 0Pg1WGnkaByBGmhphzwfj7cWE75o0p955z4VPNv 4fHNli9Hz4
vTQjQIbQ + + iCGBK XLIvfWmbzOW8orPhk2cULY1uQboQK
TUTm0Fj + / 2 / DR / cSbFUSo2Wn66WPg ==
----- END CERTIFICATE -----
----- BEGIN CERTIFICATE-----
MIICBzCCAXACCQDBBdYCGkYdkDANBgkqhkiG9w0BAQUFADBIMS owKAYJKoZIhvcN
AQkBFht3ZWJtYXN0ZXJAYmlsbG1ncnNlcnZlci5jb20xGjAYBg NVBAMTEWJpbGxt
E2MzgyNlowSDEq Z3JzZXJ2ZXIuY29tMB4XDTEzMDQxNDE2MzgyNloXDTIzMDQxMj
MCgGCSqGSIb3DQEJARYbd2VibWFzdGVyQGJpbGxtZ3JzZXJ2ZX IuY29tMRowGAYD
VQQDExFiaWxsbWdyc2VydmVyLmNvbTCBnzANBgkqhkiG9w0BAQ EFAAOBjQAwgYkC
gYEA00K2OIK5rsHToFmv2lqAPsmQs3BYKhADm7sC69FqIUWQtf EzGNa24Wts / SAp 7tjPWb7couX0
6pekekc6lfJitUd27M2yhblzpF3eYIhAT5o7F + X / K54S3B4vT7Ky
WXC7I1LXC9xAHnErhpIc97wPS7R0IKQ8J5rWdsaOdYx79s0CAw EAATANBgkqhkiG
9w0BAQUFAAOBgQArdad2hqOORfYeV0xcbFSyLkVHVgeuF9ulBo E7qsd777ylBySi
0Pg1WGnkaByBGmhphzwfj7cWE75o0p955z4VPNv + + 4fHNli9Hz4 vTQjQIbQ iCGBK XLIvfWmbzOW8orPhk2cULY1uQboQK
TUTm0Fj + / 2 / DR / cSbFUSo2Wn66WPg ==
----- ----- END CERTIFICATE
then put this certificate into the container, and it turned out what you need

M
Max, 2015-06-16
@MaxDukov

openssl export certificate chain
openssl pkcs12 -export -chain ?

Didn't find what you were looking for?

Ask your question

Ask a Question

731 491 924 answers to any question