SUN Java Development Kit 6 Installation on Debian Lenny
First, install the 'JDK6' package from the Lenny distribution.
apt-get install sun-java6-jdk
During installation you will be prompted for input twice. Select 'OK' on the first question and 'Yes' on the second.
If other Java VMs are already installed on the system, consider setting JDK6 ("/usr/lib/jvm/java-6-sun/jre/bin/java(c)") as the default Java runtime environment and compiler.
update-alternatives --config java
update-alternatives --config javac
Then edit /etc/profile to set the JAVA_HOME environment variable permanently.
Managing Java Key and Trust Stores
Finally, update the original Java truststore /etc/java-6-sun/security/cacerts with the certificates relevant to EDIT. WP 5.7 Certification Authority's RootCA provides a Java truststore containing the current certificates of its rootCA and serverCA. Set the file's ownership and permissions accordingly.
cp /etc/java-6-sun/security/cacerts /etc/java-6-sun/security/cacerts.orig
cp idp.e-taxonomy.eu.jks /etc/java-6-sun/security/cacerts
chown root:root /etc/java-6-sun/security/cacerts
chmod 644 /etc/java-6-sun/security/cacerts
Alternatively, you can manage your own Java Truststore and integrate your own certificates, when needed. The following commands show how the EDIT Java Truststore has been created. The default password of the original Java Truststore is changeit.
keytool -import -v -alias EDIT-RootCA -keystore /etc/java-6-sun/security/cacerts -storepass changeit -file /etc/ssl/certs/EDIT-WP5.7-cacert.pem
keytool -import -v -alias EDIT-ServerCA -keystore /etc/java-6-sun/security/cacerts -storepass changeit -file /etc/ssl/certs/EDIT-WP5.7-ServerCA-cacert.pem
Alternatively, IBM KeyMan is a convenient Java keystore management tool.
PKCS#12 Keystore creation
To handle SSL connections, applications often require a keystore containing the server's key, its certificate and the CA certificate chain leading to the server's certificate.
Assuming the files are available in PEM encoding, such a PKCS#12 keystore can be created using OpenSSL. The following command creates a PKCS#12 keystore (server.p12) from the server's PEM-encoded certificate (server-cert.pem) and key file (server-key.pem) and the CA certificate chain file (cert-chain.pem), and protects it with the password "secret":
openssl pkcs12 -export -in server-cert.pem -inkey server-key.pem -out server.p12 -name tomcat -CAfile cert-chain.pem -chain -passout pass:secret
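The same export with two safeguards, as an added example that is not part of the original page: it first checks that server-key.pem belongs to server-cert.pem, and it reads the keystore password from a file instead of passing it as pass:secret, which is visible in the process list and shell history. The function names, the password file p12.pass and the throwaway CA are assumptions made for the demonstration.

```shell
#!/bin/sh
# Added example (not from the original page): pre-flight check and PKCS#12 export
# for the page's file names, with the keystore password read from a file.

# Constructed throwaway CA and server certificate, written under directory $1.
make_demo_pki() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=Demo Root CA" \
        -keyout "$1/ca-key.pem" -out "$1/cert-chain.pem" 2>/dev/null &&
    openssl req -newkey rsa:2048 -nodes -subj "/CN=server.example" \
        -keyout "$1/server-key.pem" -out "$1/server.csr" 2>/dev/null &&
    openssl x509 -req -in "$1/server.csr" -CA "$1/cert-chain.pem" \
        -CAkey "$1/ca-key.pem" -CAcreateserial -days 1 \
        -out "$1/server-cert.pem" 2>/dev/null
}

# Succeeds only if certificate $1 and private key $2 hold the same public key.
key_matches_cert() {
    cert_pub=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) || return 1
    key_pub=$(openssl pkey -in "$2" -pubout 2>/dev/null) || return 1
    [ -n "$cert_pub" ] && [ "$cert_pub" = "$key_pub" ]
}

# Build $1/server.p12 from the PEM files in $1; password is the first line of $2.
export_p12() {
    key_matches_cert "$1/server-cert.pem" "$1/server-key.pem" || {
        echo "server-key.pem does not match server-cert.pem" >&2; return 1; }
    ( umask 077   # the keystore contains the private key: owner-only from creation
      openssl pkcs12 -export -in "$1/server-cert.pem" -inkey "$1/server-key.pem" \
          -out "$1/server.p12" -name tomcat -CAfile "$1/cert-chain.pem" -chain \
          -passout "file:$2" )
}

# Print how many certificates the keystore $1 holds (password file $2).
p12_cert_count() {
    openssl pkcs12 -in "$1" -nokeys -passin "file:$2" 2>/dev/null |
        grep -c 'BEGIN CERTIFICATE'
}

# Demo on constructed data in a temporary directory.
demo_dir=$(mktemp -d) || exit 1
( umask 077; printf '%s\n' 'constructed-demo-password' > "$demo_dir/p12.pass" )
make_demo_pki "$demo_dir" && export_p12 "$demo_dir" "$demo_dir/p12.pass" &&
    echo "certificates in server.p12: $(p12_cert_count "$demo_dir/server.p12" "$demo_dir/p12.pass")"
rm -rf "$demo_dir"
```

A count of 2 means the keystore carries the server certificate plus the CA certificate from cert-chain.pem; a longer chain file yields a correspondingly higher count.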
Convert PKCS#12 Keystore to JKS
If you need to reuse an existing PKCS#12 keystore in JKS format, it can be converted into a JKS keystore with the following Java keytool command:
keytool -importkeystore -srckeystore keystore.p12 -destkeystore keystore.jks -srcstoretype pkcs12 -deststoretype jks -srcstorepass secret -deststorepass secret