cli icon indicating copy to clipboard operation
cli copied to clipboard

Published 20 hours ago • verified publisher icon smallstep

Add the ability to create a Java KeyStore

Open alanchrt opened this issue 5 years ago • 5 comments

What would you like to be added

Baked-in JKS file creation, like keytool:

https://docs.oracle.com/cd/E19509-01/820-3503/ggfen/index.html

Why this is needed

Some Java software (including Kafka) seem to make use of JKS files for managing certificates and keys.

alanchrt avatar Sep 23 '19 16:09 alanchrt

I haven't tested it, but there is at least one library for manipulating keystores directly in Go: https://github.com/pavel-v-chernykh/keystore-go

nogweii avatar Dec 01 '19 09:12 nogweii

Thanks for the tip @evaryont! We probably won't have the bandwidth short term to address this feature. That said, we had the pleasure of working through some keystore issues recently and so we definitely see the value in simplifying those workflows.

If anyone reading this has the time / interest / need, we welcome contributions :) Otherwise, we'll be looking to prioritize this early next year.

dopey avatar Dec 02 '19 20:12 dopey

agreed this would be a useful feature, can be done with outside script probably but would increase peoples use of step as an ACME client in the generic sense (not even just for use with the smallstep CA, but for general ACME client use)

TheSecMaven avatar Jul 21 '20 21:07 TheSecMaven

This would be awesome! There's a bunch of scripts solving it with keytool, but it's quite fragile.

isodude avatar Jan 04 '22 11:01 isodude

Is there any update? It seems that there is no way for step-ca to add a plugin to implement jks. So, we have to modify the code of the step-ca/step directly, right?

gangxie112 avatar Jan 15 '24 09:01 gangxie112