During the development of a Java webservice client I ran into a problem. Authentication for the webservice is using a client certificate, a username and a password. The client certificate I received from the company behind the webservice is in .cer format. When I inspect the file using a text editor, it has the following contents:
-----BEGIN CERTIFICATE-----
[Some base64 encoded data]
-----END CERTIFICATE-----
I can import this file as a certificate in Internet Explorer (without having to enter a password!) and use it to authenticate with the webservice.
I was able to import this certificate into a keystore by first stripping the first and last line, converting to unix newlines and running a base64-decode. The resulting file can be imported into a keystore (using the keytool command). When I list the entries in the keystore, this entry is of the type trustedCertEntry. Because of this entry type (?) I cannot use this certificate to authenticate with the webservice. I'm beginning to think that the provided certificate is a public certificate which is being used for authentication…
A workaround I have found is to import the certificate in IE and export it as a .pfx file. This file can be loaded as a keystore and can be used to authenticate with the webservice. However I cannot expect my clients to perform these steps every time they receive a new certificate. So I would like to load the .cer file directly into Java. Any thoughts?
Additional info: the company behind the webservice told me that the certificate should be requested (using IE & the website) from the PC and user that would import the certificate later.
Best Answer
.CER files are certificates and don't have the private key. The private key is normally provided with a .PFX keystore file. If you really authenticate, it is because you had already imported the private key. You normally can import .CER certificates without any problems with
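
The entry-type difference described in the answer can be checked directly in Java. The following is an added example, not code from the question or the answer; the class name `CerEntryCheck` and the alias `service-cert` are hypothetical, and the path to the .cer file is passed as the only argument.

```java
import java.io.InputStream;
import java.nio.file.Files;
import java.nio.file.Paths;
import java.security.KeyStore;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.X509KeyManager;

public class CerEntryCheck {
    public static void main(String[] args) throws Exception {
        if (args.length != 1) {
            System.err.println("usage: java CerEntryCheck <certificate.cer>");
            System.exit(2);
        }

        // CertificateFactory accepts both DER and PEM (BEGIN/END CERTIFICATE)
        // input, so the file does not need to be stripped or base64-decoded first.
        X509Certificate cert;
        try (InputStream in = Files.newInputStream(Paths.get(args[0]))) {
            cert = (X509Certificate) CertificateFactory.getInstance("X.509")
                    .generateCertificate(in);
        }
        System.out.println("Subject: " + cert.getSubjectX500Principal());

        // Empty in-memory keystore; nothing is written to disk.
        KeyStore ks = KeyStore.getInstance(KeyStore.getDefaultType());
        ks.load(null, null);
        // A certificate stored on its own is what keytool lists as trustedCertEntry.
        ks.setCertificateEntry("service-cert", cert); // hypothetical alias

        System.out.println("isCertificateEntry: " + ks.isCertificateEntry("service-cert"));
        System.out.println("isKeyEntry: " + ks.isKeyEntry("service-cert"));

        // TLS client authentication needs a key entry (private key plus chain).
        // Ask a KeyManager built from this keystore which client identities it holds.
        KeyManagerFactory kmf =
                KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
        kmf.init(ks, new char[0]);
        X509KeyManager km = (X509KeyManager) kmf.getKeyManagers()[0];
        String keyType = cert.getPublicKey().getAlgorithm();
        String[] aliases = km.getClientAliases(keyType, null);
        System.out.println("Client identities for " + keyType + ": "
                + (aliases == null ? 0 : aliases.length));
    }
}
```

Loading a .pfx file with `KeyStore.getInstance("PKCS12")` and running the same `isKeyEntry` check on its alias shows the other case, where the private key travels with the certificate.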