About .p12 certificate and how to extract keys from it - certificate

What is the difference between a certificate in a .cer file and one in a .p12 file? Are they just in different formats?
How do I extract the private key and public key from the .p12 file? Can this be done using Java keytool?
Thanks in advance.

You can export from PKCS12 to JKS using Java Keytool.
Please check this link: https://www.tbs-certificates.co.uk/FAQ/en/626.html.
If you want something else. I can provide Java code for getting the certifcate and private key from PKCS12.

Related

Create private key after CSR creation and p7b generation

I'm having trouble understanding how to get/generate a private key for some certificates I requested.
I've created a CSR using the DigiCert Certificate Utility for Windows, which gave me a csr.txt file as an output but no .key file.
Then I proceeded to request the certificates by inserting the above mentioned CSR in the Certificate Management portal of my company.
Now I have received the p7b files and the related CSRs, but no private keys: is it possible to generate it now?
Thanks in advance,
Tommaso
Use the import function of the DigiCert Certificate Utility for Windows. The key is stored on software in the machine where the CSR was created. After the import the key and the certificate are associated and should be in the Windows certificate Store. If the key was generated with the exportable flag, you can export a PKCS#12 and convert that to a key file using openSSL.

How to extract certificate from private key text file

I have just private key available in a plain text file. How to import that into keystore (via keytool or some other tool) without the certificate? Or, is there a way to generate a certificate file w.r.t the given private key file?
I am working on Box service account authentication. I need to store the private key (downloadable from box as a plain text file containing the key) into my keystore via command line utility.
I have tried just putting private key into keystore via keytool. It says "unable to load certificates". I tried to see if we can generate respective certificate from the private key file. No solution. I tried just putting in private key without certificate. Don't know how to do that.
No code required here. Just importing of private key plain file into keystore.

How to Sign .exe using .crt or .cer file. I ONLY have .crt and .cer files issued by Comodo

I ONLY have .crt file with me which I purchased from Comodo. No private key or any thing. How can I use this to sign my code and get rid of "publisher unknown" issue in my installer. I have used Inno-Setup for creating the installer too. Code is in C Sharp. I tried to use sign tool and openssl but I don't have any other file than this user.crt file. I just can get .cer format using .crt and thats all. Appreciate any help
Usually, you need sign the application from PC where you are registered Comodo certificate. The private key saved by your browser in the local storage.
You cannot sign files with a public key only.
You need the private key.
If it were possible to sign files with a public key only, anyone could sign malicious content with your public key.

Sign XML document with .jks compatiblae key store

I am signing saml Response and assertion with x509 certificate. The response is posted to a java app, which throws error Signature length not correct…". I am asked to make sure that the xml doc is signed with certificate in JKS format and not pkcs12.
Is there a way to sign xml document in jks format in c# and then post the saml response to java app?
There is no such thing as a XML document signed in JKS format. These are apples and oranges.
XML digital signatures are specified in XMLDsig standard (assuming that you use XML digital signatures). http://www.w3.org/TR/xmldsig-core/
When you sign something you use the private key of an asymmetric key pair, probably an RSA key pair. http://en.wikipedia.org/wiki/RSA_%28algorithm%29
When you verify the signature you use the public key, commonly wrapped in an X.509 Certificate. http://en.wikipedia.org/wiki/Public_key_certificate
JKS and PKCS#12 are two different formats for storing the private key and the certificate in a container, encrypted using a password (since the private key is supposed to be private you want to protect it using a password).
When you sign an XML document you open the JKS/P12 keystore and use the private key to sign, and optionally include the certificate for easier verification for the recipient.
The private key and the certificate are identical in both cases, i.e. it does not matter if you use JKS or P12, the XML signature is bit for bit identical.
Probably you are sending both the XML document and the PKCS12 keystore to the recipient, and the recipient is unable to open PKCS12 keystore properly?
Java can open both JKS and PKCS12 with no problems at all, most likely your problem is related to something else than JKS vs PKCS12.
I do not know if C# can read and/or write JKS files (JKS == Java Key Store)

How do I create a certificate within AppHarbor using a GoDaddy certificate

I purchased a wildcard certificate from GoDaddy and I want to associate this certificate with a website on AppHarbor.
AppHarbor only allows me to upload a PFX certificate. So, how do I convert a .CRT to a .PFX?
If the contents of the .CRT files is a base-64 encoded certificate and it starts with BEGIN CERTIFICATE, you can dispense with the .pfx file and use keypair certificate entry method on AppHarbor.
PFX is the private information exchange format (Windows calls them like this) and is actually the PKCS12 keystore.
All you have to do is import the certificate in your keystore that already has your private key and use that. You don't need to transform the certificate