Importing SSL Certificates to your Keystore

Hi all,

I've been fighting for three days to get my SSL certificate to work with Tomcat 7. First I'm going to give you some advice. Important advice. You must have a Private Key and a Certificate, in order to make everything work. And, both have to be in the same keystore.
What happende to me:

I installed the Certificate I received from Thawte in my keystore. That was very easy, just a simple import file and it was done. But, when I launched my Tomcat, and looked at the logs for the HTTPS [port: 443] connector intialization, I saw that something was going wrong: No Private Key found for my certificate. Then my battle started. Where the hell was my Private Key?, I had only received an email with this content:

Your certificate is:
----- BEGIN CERTIFICATE -----
....
----- END CERTIFICATE ------

So I started browsing the web and found the process of requesting a Signed Certificate from a Certification Authority.
1 ) You generate your keystore plus your private key
2 ) Create the Certificate Signing Request (CSR)
3) Submit the CSR and wait for your Certificate

I wasn't the person who did the whole process, I was just supposed to install it. I knew nothing about that private key. So today, after three days, I received the .pfx file from the people in charge of the process. When I try to open it in Windows I read the following: You have the private key that corresponds to this certificate. Eureca! It must be inside that .pfx file. So I dived into the internet and found that a .pfx file could be imported straight away into a keystore.

Here are the steps you need to follow to do a correct import:
1) Get the .pfx file with your private key inside. Double click the .pfx file and install it to your machine. Select any certificate keystore from your computer. Open Run > certmgr.msc and look for your recently installed .pfx file. Open it and look for the golden key icon followed by You have the private key that corresponds to this certificate.
2) Import the .pfx file to your keystore with the following command:
keytool -importkeystore -srckeystore file.pfx -alias keyALIAS -srcstoretype pkcs12 -destkeystore /path/to/keystore
3) If the import was correct, you must have the private key with the same password that the keystore has. You can change it with the following command:
keytool -keypasswd -alias keyALIAS -keystore ssl-keystore

Note: If you don't do this last step you will get a: java.io.IOException: Cannot recover key error.
I hope this was helpful to you. At least it was for me, and since I've been struggling with these for days, I thought I'd share it.

Cheers!

Get out of the 'Comfort Zone'

Os dejo un vídeo motivacional para que os lancéis y salgáis fuera de la zona de confort.



Quive it, get Quived!
www.quived.com

Generating an API

Afternoon mates. Today I'm starting to develop Quived's API. It's going to be used by smartphones or tablets which have the app installed. It's very important to bare in mind the different HTTP methods when doing this. These codes are the base in which the API sits. In order to know when a request has been successfull or not, you exchange different HTTP status codes.
As always, wikipedia is a perfect place to find information about this: link
More specifically speaking, when doing this in a grails application. Is very important to set up the path that the URL mapping is going to follow. We set this in the URLMappings.groovy file. Inserting the following code for each new route you want to define:

"/rest/url/**" (controller:"YourRestController", action:"method") {
            action = [GET: "method"];
        }

One thing I found out while doing this, is that you are not supposed to put the entire: controllerNameController class name, just the name itself: controllerName.

Once the route to our API method is set, we can define the logic we want it to deliver. Regarding HTTP statuses, in grails we do as follow (at least I do):

• response.status = 200; // 200 OK. Just to set the status.
• render(status:204, text:'Extra information about the status') // 204 NO CONTENT. Status + information

I hope this helps.

Cheers!