Use personal/portable Keystore with jportable

JBDiehl

Hello,

I have a question regarding the use of the Java keystore with "jportable".

I would like to import client authentication certificates permanently to a personal keystore located on a USB flash drive.

Does somebody know if this is possible and which configuration parameters I will have to change?

The background story around this is that I'm about to create a portable Firefox 10 ESR environment with Java JRE 6 or 7 that will be used to give users access to a website with an HTTPS application with client authentication. The certificates should be "pre-installed" on the USB flash drive, and the Java JRE installed on the USB flash drive should be used, regardless of whether there is a local installation of Firefox and/or Java, and probably also certificates in a local keystore.

Regards

JBDiehl

guillaume.prevot
System properties

Hello,
Maybe you should look for javax.net.ssl.keyStore and javax.net.ssl.keyStorePassword.
These system properties can be used to specify a custom trusted keystore, either programmatically:

System.setProperty("javax.net.ssl.trustStore", "your.keystore");
System.setProperty("javax.net.ssl.trustStorePassword", "password");

or on the command line:

java -Djavax.net.ssl.trustStore=your.keystore -Djavax.net.ssl.trustStorePassword=password your.MainClass

All properties are detailed here.
I hope it will help you.

JBDiehl

Hello,

Thank you for your answer, but I'm afraid this is not exactly what I'm looking for.

I would like to "install/import" the client certificates permanently to the USB drive where Firefox and the JRE are installed. The idea is to have a preconfigured environment for certain users that are using a certain web application from wherever they are, as long as they are able to launch the portable Firefox installation.

Right now, when importing client certificates, they get stored to %USER_HOME%\appdata\Sun\Java\Deployment\security\trusted.clientcerts

I would like to configure the portable Java JRE installation to use something like:

portable-drive\CommonFiles\Java\lib\security or any other path located on the USB drive, as long as FF and JRE are using the installed/imported client certificates from this path on the portable drive.

Application-wise this is already working as long as we are using a local installation with a locally installed JRE and imported client certificates, but we would like to make our "Webclient" (Firefox with JRE and client cert) completely portable.

Regards

guillaume.prevot
I'll try again :)

Maybe you'll find what you're looking for here.

It seems you can:

  1. copy the "trusted.clientcerts" file to the USB flash-drive
  2. create a file called "deployment.properties", pointing to your "trusted.clientcerts" file on the USB flash-drive.
  3. create a file called "deployment.config" in {portable.java.home}\lib, pointing to your "deployment.properties" file.

I have not tried it myself, but the page looked useful to me.

But to be fully portable, you'll have to solve the drive letter modification (edit 1: or, if used online only, you may be able to access the clientcerts file with a network URL).

(Edit 2:) I've seen you're talking about HTTPS. If the certificate you want to add is only used by your web application for HTTPS, you may not need Java at all. Have you tried to import the certificate in portable Firefox?
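The three steps above together with the drive-letter problem, as an added example that is not part of the original posts: the two files are regenerated at launch from whatever drive the launcher starts on, and a second function flags any configured value that points off the stick. Assumptions: the JRE lives in CommonFiles\Java as in the thread, the location of deployment.properties and the function names are hypothetical, the system-level clientauthcerts key is used, and `deployment.system.config.mandatory` is taken from Oracle's deployment configuration documentation.

```python
from pathlib import PureWindowsPath

# Assumed layout on the stick; only CommonFiles\Java comes from the thread.
CONFIG_REL = r"CommonFiles\Java\lib\deployment.config"
PROPS_REL = r"CommonFiles\Java\lib\deployment.properties"
STORE_REL = r"CommonFiles\Java\lib\security\trusted.clientcerts"
CERT_KEY = "deployment.system.security.trusted.clientauthcerts"
URL_PREFIX = "file:///"


def render_deployment_files(launcher_path):
    """Return {absolute file path: text} for the drive the launcher runs from."""
    root = PureWindowsPath(PureWindowsPath(launcher_path).anchor)
    if not root.drive or not root.root:
        raise ValueError("launcher path must be absolute, e.g. F:\\Start.exe")
    props = root / PROPS_REL
    store = root / STORE_REL
    # Step 3: deployment.config names the properties file as a URL.
    config_text = (
        f"deployment.system.config={props.as_uri()}\n"
        "deployment.system.config.mandatory=true\n"
    )
    # Step 2: forward slashes, because a backslash is an escape
    # character in .properties files.
    props_text = f"{CERT_KEY}={store.as_posix()}\n"
    return {str(root / CONFIG_REL): config_text, str(props): props_text}


def paths_leaving_drive(files, launcher_path):
    """List configured lines whose path is not on the launcher's drive."""
    drive = PureWindowsPath(launcher_path).drive.lower()
    bad = []
    for text in files.values():
        for line in text.splitlines():
            key, _, value = line.partition("=")
            if key.endswith(".mandatory"):
                continue  # boolean flag, not a path
            if value.startswith(URL_PREFIX):
                value = value[len(URL_PREFIX):]
            if PureWindowsPath(value).drive.lower() != drive:
                bad.append(line)
    return bad


if __name__ == "__main__":
    # Constructed launcher path for illustration.
    for path, text in render_deployment_files(r"F:\FirefoxPortable\Start.exe").items():
        print(path, text, sep="\n")
```
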

JBDiehl

The certificate is used by both Firefox and the Java JRE, because we have a Java-based picture viewer in our application. Importing the client certificate to Firefox only will not work.

I will try the recommended instructions later and let you know if it worked.

Thank you very much for your help. It would be great if I could solve this issue.

Regards

JBDiehl

JBDiehl

Hello again,

Sorry for answering a little late in this topic, but it seems that I'm still not able to solve this issue on my own.

I could not get the certificate to be used by the browser once I put the files in the mentioned locations, but I'm almost sure that I missed something or understood it wrong.

> 1. copy the "trusted.clientcerts" file to the USB flash-drive

No problem

> 2. create a file called "deployment.properties", pointing to your "trusted.clientcerts" file on the USB flash-drive.

No problem here

> 3. create a file called "deployment.config" in {portable.java.home}\lib, pointing to your "deployment.properties" file.

How can I check if this file is really used for the portable configuration at all? I'm afraid that this configuration is never used, especially if there is a local installation of a JRE also.

Also, the property "deployment.system.security.trusted.clientauthcerts" relies on $SYSTEM_HOME and "deployment.user.security.trusted.clientauthcerts" relies on $USER_HOME.

How can I check/alter these variables? Aren't these (local) operating system environment variables? I don't want to modify any local variables, everything needs to be configured in the portable environment.

Is it still possible to do this?

Best regards

JBDiehl
