Chapter 1: Introduction

This document describes how to create Java Key Store files from X509 certificates and private keys in PEM format. The AKM Administrative Console is used by Crypto Officers to perform key management functions. This application requires certificates and keys in the Java Key Store (JKS) format.

Note that if you create AKM certificates and keys using Microsoft Active Directory Certificate Services (AD CS), you must first convert the administrative certificates in PFX format to PEM format. Please see the AKM AD CS Quick Start Guide for more information.

Change log

The following table provides information on the changes to this documentation:

Version      Date         Description
2.1.1        10/11/2011   Initial version to replace documentation in other manuals
2.1.13.001   4/8/2014     Manual format updates.

Chapter 2: Install the Portecle Application

The Portecle utility application is a freely available application that you can download from the Internet. Follow the instructions below to download and install this application.

Navigate to the following website and click the Download button:

Locate the .zip file and extract its contents. Open Windows Command Prompt.

Use the Change Directory (CD) command to change to the directory containing the portecle.jar file.

Then run it using the following command:

java -jar portecle.jar

The application will start in a new window:

You are now ready to begin using the utility.

Chapter 3: Convert the Admin Certificate and Private Key from PEM to JKS Format

Combining the administrative certificate and private key

Use Notepad.exe (the Windows plaintext editor) to open the admin signed certificate .pem file and save it under a new file name (adminpair.pem), keeping the .pem extension.

Open the private key .pem file using Notepad, select all, and copy the contents.

Paste the contents of the keypair.pem file to the end of the open adminpair.pem file.

Save and close.
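A Notepad copy and paste can silently drop a BEGIN/END line or pick up a password-protected key, so the combined file is worth checking before the import. The following Python check is an added example, not part of the AKM documentation or of Portecle. The function names and the sample PEM blocks are constructed for illustration, and the ordering check reflects the layout this chapter builds (certificate first, key appended).

```python
import base64
import re

# One PEM block; the BEGIN and END labels must be identical.
PEM_BLOCK = re.compile(
    r"-----BEGIN ([A-Z0-9 ]+)-----\r?\n(.*?)\r?\n-----END \1-----", re.DOTALL)

def combine(cert_pem, key_pem):
    """Certificate first, private key appended, as in the Notepad steps."""
    return cert_pem.rstrip() + "\n" + key_pem.strip() + "\n"

def check_pair(text):
    """Return a list of problems; an empty list means the layout is as expected."""
    blocks = [(m.group(1), m.group(2)) for m in PEM_BLOCK.finditer(text)]
    labels = [label for label, _ in blocks]
    keys = [label for label in labels if label.endswith("PRIVATE KEY")]
    problems = []
    if text.count("-----BEGIN ") != len(blocks):
        problems.append("truncated or mismatched BEGIN/END lines")
    if labels.count("CERTIFICATE") != 1:
        problems.append("expected exactly one CERTIFICATE block")
    if len(keys) != 1:
        problems.append("expected exactly one private key block")
    if keys and labels[-1] == "CERTIFICATE":
        problems.append("private key does not follow the certificate")
    for label, body in blocks:
        # PKCS#8 encrypted label, or the legacy OpenSSL "Proc-Type" header.
        if label == "ENCRYPTED PRIVATE KEY" or "Proc-Type:" in body:
            problems.append("private key is password protected")
            continue
        try:
            base64.b64decode("".join(body.split()), validate=True)
        except ValueError:
            problems.append(f"{label} body is not valid base64")
    return problems

def _sample(label, payload):
    """Build a constructed PEM block (placeholder bytes, not real key material)."""
    body = base64.b64encode(payload).decode()
    return f"-----BEGIN {label}-----\n{body}\n-----END {label}-----\n"

CERT = _sample("CERTIFICATE", b"constructed sample, not a real certificate")
KEY = _sample("PRIVATE KEY", b"constructed sample, not a real private key")

if __name__ == "__main__":
    print(check_pair(combine(CERT, KEY)) or "adminpair.pem layout looks correct")
```

To check a real file, pass the text of adminpair.pem to `check_pair`. The check covers PEM layout only and does not confirm that the key belongs to the certificate.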

The following is an example of printed output of the .pem file:

Using the Portecle Java utility application

In Portecle, click the File menu and select New Keystore with type “JKS”. Click the Tools menu and select Import key pair. The following dialog is displayed:

Locate the combined cert and key .pem file you have just created and click Choose.

The following dialog is displayed:

Click OK. Enter an alias in the “Key Pair Entry Alias” dialog box or accept the default:

Click OK. The following dialog is displayed:

Leave the password field blank and click OK. (The combined cert and key file is not password protected.)

The following dialog is displayed:

Click OK.

In Portecle, click the File menu and select Save Keystore. You will be prompted to enter a password for the new keystore file, which you will leave blank.

Choose a save location and filename. Use the drop-down menu to select the Java Keystore Files file type. Click Save.

You now have the administrative client certificate and private key in the JKS file. The next step is to import the CA certificate.

Chapter 4: Convert the CA Certificate from PEM to JKS Format

Importing the CA certificate

In Portecle, click the File menu and select New Keystore with type “JKS”.

From the Tools menu, select Import Trusted Certificate. The following dialog will display:

Locate and select the CA Cert (.pem) file and click the Import button. A warning dialog is displayed, stating that the trust path could not be established:

Click OK.

The “Certificate Details” dialog is displayed:

Click OK. The following dialog is displayed:

Click Yes to accept the certificate as trusted.

If prompted for an alias name, enter an alias name or accept the default, and click OK.

Click OK to confirm that the trusted certificate has been imported.

The following panel is displayed:

Click Save to save the new truststore .jks file.

You now have the CA certificate in the JKS format, and are ready to install and use the AKM Administrative Console application. See the AKM Administrative Console Guide for more information.