During the development of a Java webservice client I ran into a problem. Authentication for the webservice is using a client certificate, a username and a password. The client certificate I received from the company behind the webservice is in .cer format. When I inspect the file using a text editor, it has the following contents:
-----BEGIN CERTIFICATE-----
[Some base64 encoded data]
-----END CERTIFICATE-----
I can import this file as a certificate in Internet Explorer (without having to enter a password!) and use it to authenticate with the webservice.
I was able to import this certificate into a keystore by first stripping the first and last line, converting to Unix newlines and running a base64-decode. The resulting file can be imported into a keystore (using the keytool command). When I list the entries in the keystore, this entry is of the type trustedCertEntry. Because of this entry type (?) I cannot use this certificate to authenticate with the webservice. I'm beginning to think that the provided certificate is a public certificate which is being used for authentication...
A workaround I have found is to import the certificate in IE and export it as a .pfx file. This file can be loaded as a keystore and can be used to authenticate with the webservice. However I cannot expect my clients to perform these steps every time they receive a new certificate. So I would like to load the .cer file directly into Java. Any thoughts?
Additional info: the company behind the webservice told me that the certificate should be requested (using IE & the website) from the PC and user that would import the certificate later.
.CER files are certificates and don't have the private key. The private key is normally provided with a .PFX keystore file.
If you can really authenticate, it is because you had already imported the private key. You can normally import .CER certificates without any problems with
keytool -importcert -file certificate.cer -keystore keystore.jks -alias "Alias"
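The difference between the two files can be checked from Java itself. The following is an added example, not code from the question or the answer: it loads the PEM `.cer` directly (no manual stripping or base64 decoding) and reports which entry type each file yields. The class name, the alias `client` and the file names passed on the command line are assumptions made for this example.

```java
import java.io.FileInputStream;
import java.io.InputStream;
import java.security.KeyStore;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.util.Collections;

// Usage: java CerVersusPfx client.cer [client.pfx pfxPassword]
// (password as an argument only for brevity; file names are placeholders)
public class CerVersusPfx {

    // Print each alias with the entry type keytool would list for it.
    static void describe(String label, KeyStore ks) throws Exception {
        for (String alias : Collections.list(ks.aliases())) {
            boolean hasKey = ks.entryInstanceOf(alias, KeyStore.PrivateKeyEntry.class);
            System.out.println(label + ": alias=" + alias + " type="
                    + (hasKey ? "PrivateKeyEntry" : "trustedCertEntry"));
        }
    }

    public static void main(String[] args) throws Exception {
        if (args.length < 1) {
            System.err.println("usage: CerVersusPfx client.cer [client.pfx pfxPassword]");
            return;
        }
        // CertificateFactory reads both DER and PEM (BEGIN/END CERTIFICATE) input.
        X509Certificate cert;
        try (InputStream in = new FileInputStream(args[0])) {
            cert = (X509Certificate) CertificateFactory.getInstance("X.509")
                    .generateCertificate(in);
        }
        System.out.println("Subject: " + cert.getSubjectX500Principal());

        // A certificate alone can only ever become a trusted-certificate entry.
        KeyStore fromCer = KeyStore.getInstance(KeyStore.getDefaultType());
        fromCer.load(null, null); // empty in-memory keystore
        fromCer.setCertificateEntry("client", cert);
        describe(".cer", fromCer);

        if (args.length >= 3) {
            KeyStore pfx = KeyStore.getInstance("PKCS12");
            try (InputStream in = new FileInputStream(args[1])) {
                pfx.load(in, args[2].toCharArray());
            }
            describe(".pfx", pfx);
            // Report the key entry whose certificate is the one from the .cer file.
            for (String alias : Collections.list(pfx.aliases())) {
                if (pfx.isKeyEntry(alias) && cert.equals(pfx.getCertificate(alias))) {
                    System.out.println("Private key for this certificate: alias " + alias);
                }
            }
        }
    }
}
```

Only a keystore that reports a `PrivateKeyEntry` for the certificate can be used as the client key store for TLS client authentication; the `.cer` file on its own never produces one.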