Explore Courses Blog Tutorials Interview Questions
0 votes
in Java by (10.2k points)

During the development of a Java webservice client I ran into a problem. Authentication for the webservice is using a client certificate, a username and a password. The client certificate I received from the company behind the webservice is in .cer format. When I inspect the file using a text editor, it has the following contents:


[Some base64 encoded data]


I can import this file as a certificate in Internet Explorer (without having to enter a password!) and use it to authenticate with the webservice.

I was able to import this certificate into a keystore by first stripping the first and last line, converting to unix newlines and running a base64-decode. The resulting file can be imported into a keystore (using the keytool command). When I list the entries in the keystore, this entry is of the type trustedCertEntry. Because of this entry type (?) I cannot use this certificate to authenticate with the webservice. I'm beginning to think that the provided certificate is a public certificate which is being used for authentication...

A workaround I have found is to import the certificate in IE and export it as a .pfx file. This file can be loaded as a keystore and can be used to authenticate with the webservice. However I cannot expect my clients to perform these steps every time they receive a new certificate. So I would like to load the .cer file directly into Java. Any thoughts?

Additional info: the company behind the webservice told me that the certificate should be requested (using IE & the website) from the PC and user that would import the certificate later.

1 Answer

0 votes
by (46k points)

  • If you require to confirm you need the private key - there is no other option.
  • A record is a public key with extra properties (like corporation name, country,...) that is signed by some Certificate authority that ensures that the attached claims are true.
  • .CER files are certificates and don't have the special key. The single key is equipped with a .PFX Keystore file normally. If you authenticate is because you already had imported the private key.
  • You normally can import it.CER documents without any problems with

keytool -importcert -file certificate.cer -keystore keystore.jks -alias "Alias"

Browse Categories