Thursday, June 01, 2006

So, you need a keystore?

I've just finished writing a tutorial on using JDeveloper to apply security, deploy and call secure J2EE, WS-Security web services.

JDeveloper provides a great environment for testing security. It allows you to add authentication, integrity and encryption settings and a keystore to a service, and then develop and secure a client proxy to test the security. And because JDeveloper comes with a J2EE container, you can deploy and monitor the services too. But I digress.

In the course of developing the tutorial I did some research on keystores and creating self-signed X.509 certificates to use in a test environment. My tutorial uses Sun's Keytool utility to generate keys and a keystore. But what if you needed to use later versions of X.509 certificates? Keytool generates V1 certificates only.

That's when you need something more powerful. And I found a couple of open-source products that fit the bill - especially as they both offer good GUIs.

First, Abylon SelfCert creates PKCS #12 (Personal Information Exchange Syntax Standard) format keys.

And to get those keys into a JKS keystore I like Portecle (say "porte cle" with a French accent). Here it's simple to open the .pfx files, check the certificate version, change the keystore type (to JKS, JCEKS, BKS or UBER), set passwords and import additional key pairs, among many other things.
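The same steps can be scripted with the standard `java.security.KeyStore` API. The sketch below is an added example, not part of the original post or of Portecle: the class name `PfxToJks` is hypothetical, it assumes a current JDK, and it assumes the private key in the .pfx is protected with the same password as the file itself.

```java
import java.io.Console;
import java.io.FileInputStream;
import java.io.FileOutputStream;
import java.io.InputStream;
import java.io.OutputStream;
import java.security.KeyStore;
import java.security.cert.Certificate;
import java.security.cert.X509Certificate;
import java.util.Arrays;
import java.util.Collections;

// Hypothetical helper: report certificate versions in a .pfx and copy it to a JKS keystore.
public class PfxToJks {
    public static void main(String[] args) throws Exception {
        Console con = System.console();
        if (con == null || args.length != 2) {
            System.err.println("usage: java PfxToJks <in.pfx> <out.jks>  (interactive terminal required)");
            System.exit(2);
        }
        // Prompt for passwords so they never appear in the process list or shell history.
        char[] pfxPass = con.readPassword("PKCS #12 password: ");
        char[] jksPass = con.readPassword("New JKS password: ");
        try {
            KeyStore pfx = KeyStore.getInstance("PKCS12");
            try (InputStream in = new FileInputStream(args[0])) {
                pfx.load(in, pfxPass);
            }
            KeyStore jks = KeyStore.getInstance("JKS");
            jks.load(null, null); // start from an empty keystore

            for (String alias : Collections.list(pfx.aliases())) {
                Certificate cert = pfx.getCertificate(alias);
                if (cert instanceof X509Certificate) {
                    X509Certificate x509 = (X509Certificate) cert;
                    // getVersion() returns 1, 2 or 3
                    System.out.printf("%s: X.509 v%d, subject=%s%n", alias,
                            x509.getVersion(), x509.getSubjectX500Principal().getName());
                }
                if (pfx.isKeyEntry(alias)) {
                    // Assumption: key password equals the .pfx store password.
                    jks.setKeyEntry(alias, pfx.getKey(alias, pfxPass), jksPass,
                            pfx.getCertificateChain(alias));
                } else if (cert != null) {
                    jks.setCertificateEntry(alias, cert);
                }
            }
            try (OutputStream out = new FileOutputStream(args[1])) {
                jks.store(out, jksPass);
            }
        } finally {
            Arrays.fill(pfxPass, '\0'); // clear passwords from memory
            Arrays.fill(jksPass, '\0');
        }
    }
}
```

The resulting file holds a private key, so restrict its file permissions and keep it out of source control even in a test environment.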