Introduction

This page gives complete instructions on how to generate the certificate files to work with Java.

Prerequisite

  • You have a valid Live@edu domain registered and have the PFX certificate file (with private key) issued by Microsoft.
  • You need to download OpenSSL. You can download it from here.
    • Ensure that you can access openssl.exe from command prompt by adding the corresponding directory to PATH.

Generate Key Store File

Use the PFX file issued by Microsoft and generate the p12 format file, using the following OpenSSL commands. Change LiveAtEdu.pfx to the correct file name. Use the same password used to protect the pfx file while generating the pem and p12 files.
  1. openssl pkcs12 -in LiveAtEdu.pfx -out LiveAtEduKey.pem -nodes -nocerts
  2. openssl pkcs12 -in LiveAtEdu.pfx -out LiveAtEduCert.pem -nodes -nokeys
  3. openssl pkcs12 -export -in LiveAtEduCert.pem -inkey LiveAtEduKey.pem -out LiveAtEdu.p12

Generate Trust Store File

We need to generate the trust store using the 'Certificate Convert' utility provided along with the project download of J2EE Live SSO - http://j2eelivesso.codeplex.com/releases/view/30150. Extract the downloaded file to your machine. Certificate Convert Utility is provided under 'VisualStudio\CertificateConvert' folder in the downloaded file.

Note:
Prerequisite:
  • Open the solution file, CertificateConvert.sln, in Visual Studio 2008 (from Certificate Convert Utility).
  • Build the CertificateConvert project.
  • Edit App.Config file
  • Run the CertificateConvert utility.
    • CertificateConvert.exe - Export the Windows Root and Intermediate CA stores and builds a Java truststore. Path's for the output directory and for the Java keytool specified in App.Config
    • This will generate cacerts-win32.jks in the directory specified by basePath in App.Config. cacerts-win32.jks can be used as the trust store file.

References

Last edited Sep 22, 2010 at 9:21 PM by maneshhere, version 15

Comments

No comments yet.