Thursday, November 24, 2011

A PEM Backed Keystore for Java SSL

For Thumbslug, we needed to open a number of SSL connections to the same server, each with its own X.509 client certificate. Thumbslug grabs the certificates from Candlepin, which stores them in PEM format. Rather than teach Candlepin to also store these certificates in a different format, or to load them first into a format that Java deals with natively (like PKCS #12), I figured it would be best to create an SSLSession backed directly by an X509Certificate and PrivateKey loaded from the PEM file.

I wasn't able to find any other examples of a PEM backed Java KeyStore, so here is mine (backup), and the code that uses it (backup). Since PEM is still widely used (by OpenSSL, for example), hopefully others can make use of this.
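For readers without access to the linked files, here is an added sketch of the same idea; it is not the keystore code from this post. Instead of a custom KeyStore implementation it parses the PEM text and loads the result into the JDK's ordinary in-memory KeyStore. The class and method names are hypothetical, and it assumes an unencrypted PKCS #8 key (`BEGIN PRIVATE KEY`) with the client certificate as the first `CERTIFICATE` block.

```java
import java.io.ByteArrayInputStream;
import java.security.KeyFactory;
import java.security.KeyStore;
import java.security.PrivateKey;
import java.security.cert.Certificate;
import java.security.cert.CertificateFactory;
import java.security.spec.PKCS8EncodedKeySpec;
import java.util.ArrayList;
import java.util.Base64;
import java.util.List;
import java.util.regex.Matcher;
import java.util.regex.Pattern;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLContext;

public class PemClientContext { // hypothetical name, not from the original post
    // Group 1 = block type, group 2 = base64 body; the backreference forces a matching END line.
    private static final Pattern BLOCK = Pattern.compile("-----BEGIN ([A-Z0-9 ]+)-----(.*?)-----END \\1-----", Pattern.DOTALL);

    static SSLContext fromPem(String pem) throws Exception {
        CertificateFactory cf = CertificateFactory.getInstance("X.509");
        Base64.Decoder dec = Base64.getMimeDecoder(); // tolerates the line breaks inside PEM bodies
        List<Certificate> chain = new ArrayList<>();
        byte[] keyDer = null;
        for (Matcher m = BLOCK.matcher(pem); m.find(); ) {
            if (m.group(1).equals("CERTIFICATE")) {
                chain.add(cf.generateCertificate(new ByteArrayInputStream(dec.decode(m.group(2)))));
            } else if (m.group(1).equals("PRIVATE KEY")) {
                keyDer = dec.decode(m.group(2)); // unencrypted PKCS #8
            } else { // e.g. PKCS #1 "RSA PRIVATE KEY" or an encrypted key: fail rather than guess
                throw new IllegalArgumentException("unsupported PEM block: " + m.group(1));
            }
        }
        if (chain.isEmpty() || keyDer == null) {
            throw new IllegalArgumentException("need a certificate and a PKCS #8 private key");
        }
        String alg = chain.get(0).getPublicKey().getAlgorithm(); // assumes leaf certificate comes first
        PrivateKey key = KeyFactory.getInstance(alg).generatePrivate(new PKCS8EncodedKeySpec(keyDer));
        char[] pw = "in-memory-only".toCharArray(); // throwaway; the store is never written out
        KeyStore ks = KeyStore.getInstance(KeyStore.getDefaultType());
        ks.load(null, null); // empty in-memory store
        ks.setKeyEntry("client", key, pw, chain.toArray(new Certificate[0]));
        KeyManagerFactory kmf = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
        kmf.init(ks, pw);
        SSLContext ctx = SSLContext.getInstance("TLS");
        ctx.init(kmf.getKeyManagers(), null, null); // default trust managers and SecureRandom
        return ctx;
    }
}
```

Building one context per PEM bundle gives each connection its own client certificate; `getSocketFactory()` on the returned context produces the sockets.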

© 2012 James Bowes.