Keystore Explorer for Linux

Keystore Explorer (KSE) is one of those rare gui utilities I can find myself wholeheartedly endorsing. If you work with a menagerie of Java trust and key stores, it may just be the thing that saves your sanity.

Juggling SSL certificates for Java based applications can be tedious when all you have to work with is Oracle’s keytool (a utility I’ve used in many previous projects, like this.

I’m generally not a fan of gui tools, even on Windows, but recently I found myself mucking around in multiple Java key and trust stores in testing and found the open source KSE to be a godsend.

NOTE: Portecle is an open source alternative to KSE that is already in the Fedora repositories. It uses the Java-based Bouncycastle crypto libraries that are also open source (and in the Fedora yum repo!). Not as pretty as KSE to look at, but a good substitute nonetheless if you don’t want to go messing with creating .desktop files and symlinks.

KSE is written in Java and its website includes downloads for Windows and Mac OSX users, but a simple .zip for everyone else. That’s actually OK with me, as I’ve found that simple archives of many Java applications work better than the packages usually churned out for various Linux distributions.

To install KSE on a Fedora Linux workstation or server running the Gnome desktop, simply download the .zip file and unarchive it to somewhere like /opt/kse.

Next, modify the included kse.sh script as follows:

#!/bin/bash

# Oracle/OpenJDK JRE version 1.6+ has to be present on your path 
# OR in a directory called "jre" in the same directory as this script 
JRE_HOME=/usr/lib/jvm/jre
cd /opt/kse

if [ -d "jre" ]; then
	./jre/bin/java -jar kse.jar 
else
	java -jar kse.jar
fi

With Java desktop apps on Linux I’ve usually found that (a) explicitly mapping the JRE or JAVA home variable; and (b) starting the app in the program’s own directory works best.

Make a symlink from the script to a bin directory in the PATH for all users:

ln -s /opt/kse/kse.sh /usr/local/bin/kse

Create a kse.desktop file so that it will be displayed on the Gnome menu, and copy it into /usr/share/applications:

[Desktop Entry]
Name=KeyStore Explorer
Comment=Manage Java Keystores
Terminal=false
Exec=/opt/kse/kse.sh
Type=Application
Icon=/usr/share/pixmaps/keys.png
Categories=Development;Java

Note: I stole the keys.png file from Gnome’s Seahorse key manager.

The tool’s operation is pretty intuitive, although I’d recommend reading the Release Notes .

This entry was posted in Development, System Administration on by .

About phil

My name is Phil Lembo. In my day job I’m an enterprise IT architect for a leading distribution and services company. The rest of my time I try to maintain a semi-normal family life in the suburbs of Raleigh, NC. E-mail me at philipATlembobrothersDOTcom. The opinions expressed here are entirely my own and not those of my employers, past, present or future (except where I quote others, who will need to accept responsibility for their own rants).