encryption


How to convert certificate of Let’s encrypt to jks

To convert a Let’s Encrypt SSL certificate (issued as PEM files) into a Java Keystore (JKS), follow these steps:

Step-by-step guide:

Step 1: Get the files ready

After obtaining your certificate from Let’s Encrypt, you’ll typically have the following files:

  • cert.pem (your domain certificate)
  • privkey.pem (private key)
  • chain.pem (CA intermediate certificates)
  • fullchain.pem (combined certificate with intermediate)

Ensure these files are available on your machine.


Step 2: Combine your certificate and private key into PKCS12 format

Use OpenSSL to create a PKCS12 (.p12) file:

openssl pkcs12 -export \
  -in fullchain.pem \
  -inkey privkey.pem \
  -out certificate.p12 \
  -name your_alias

Replace your_alias with a meaningful alias, such as your domain name.

You’ll be asked to set a password. Remember this password, as you’ll need it to import into the keystore.


Step 3: Import PKCS12 file into JKS Keystore

Now, convert the PKCS12 file (certificate.p12) into a JKS keystore:

keytool -importkeystore \
  -deststorepass YOUR_KEYSTORE_PASSWORD \
  -destkeypass YOUR_KEYSTORE_PASSWORD \
  -destkeystore keystore.jks \
  -srckeystore certificate.p12 \
  -srcstoretype PKCS12 \
  -srcstorepass YOUR_PKCS12_PASSWORD \
  -alias your_alias

  • Replace YOUR_KEYSTORE_PASSWORD with the password you want for your new Java keystore.
  • Replace YOUR_PKCS12_PASSWORD with the password you set when creating the .p12 file in Step 2.

Step 4: Verify your JKS Keystore

To ensure your certificate is correctly imported, use:

keytool -list -v -keystore keystore.jks

You should see your imported certificate details listed.


Step 5: Use your JKS Keystore

Now you can use keystore.jks in your Java application or server (like Tomcat, Jetty, Spring Boot applications, etc.).

Example configuration (Tomcat server.xml):

<Connector port="8443" protocol="HTTP/1.1"
           SSLEnabled="true"
           scheme="https" secure="true"
           keystoreFile="/path/to/keystore.jks"
           keystorePass="YOUR_KEYSTORE_PASSWORD"
           clientAuth="false" sslProtocol="TLS" />

Replace paths/passwords with your details.


Important notes:

  • Store your keystore securely and protect the passwords.
  • Let’s Encrypt certificates expire every 90 days, so automate renewal and conversion into JKS if possible.

That’s it! Your Let’s Encrypt certificate is now in JKS format, ready for Java applications.

A sophisticated logo design for a Cypriot ethical hacker team, featuring a 3D metallic shield that incorporates the outline of Cyprus. Overlaid on the shield is a digital phoenix, symbolizing rebirth and resilience in the cybersecurity realm. The colors of the flag are present in the form of dynamic streaks across the shield. The team's name, 'Cyber Guardians CY', is embossed in bold, digital font along the lower part of the shield.

Enable BitLocker without TPM.

As technology advances, the need for security in our devices also increases. Windows 10 Pro offers a feature called BitLocker, which can help protect your files from unauthorized access. However, not all devices have a Trusted Platform Module (TPM) chip that BitLocker requires to function. Don’t worry, though, as there is still a way to enable BitLocker on your device without a TPM.

In this post, we will guide you through the process of enabling BitLocker on your Windows 10 Pro device without a compatible TPM. We have also included a video tutorial that you can follow along with.

Step 0: Check if your device has a compatible TPM.

Before we get started, you should check if your device has a compatible TPM. To do this, press the Windows key + R on your keyboard to open the Run dialog box. Type tpm.msc and press Enter. If your device has a TPM, you will see a window that shows its status.

Step 1:

Follow the steps in the video to change the configuration of BitLocker so that it will allow you to set it up without a compatible TPM.

Step 2: Enable BitLocker

If your device does not have a compatible TPM, we can still enable BitLocker by using a password or USB key instead. To enable BitLocker, right-click on the drive you want to encrypt and select “Turn on BitLocker.”

Step 3: Choose your preferred unlock method

When prompted to choose an unlock method, select “Enter a password” or “Insert a USB flash drive.” If you select the USB option, you will need to insert the USB drive before proceeding.

Step 4: Choose how much of your drive to encrypt

You can choose to encrypt only the used space or the entire drive. Select your preferred option and click “Next.”

Step 5: Choose where to store your recovery key

Your recovery key is a backup that you can use to access your files if you forget your password or lose your USB key. Choose whether to save the recovery key to your Microsoft account, save it to a file, or print it. Make sure to store your recovery key somewhere safe.

Step 6: Begin the encryption process

Once you have chosen your settings and saved your recovery key, click “Start encrypting.” The encryption process may take some time, depending on the size of your drive.

Congratulations! You have successfully enabled BitLocker on your Windows 10 Pro device without a compatible TPM.

Please refer to the accompanying video for a visual guide and demonstration of the steps outlined in this post.


Increase BitLocker to 256-bit

Encryption is an essential security measure that helps protect your sensitive data from unauthorized access. One of the most popular encryption tools available for Windows 10 Pro is BitLocker, which can encrypt your entire hard drive or specific folders and files. By default, BitLocker uses 128-bit encryption, which is considered secure but not the most robust option. If you want to increase the encryption key to 256 bits, which is the highest level of encryption currently available, follow these steps:

In summary, increasing your BitLocker encryption key to 256 bits is an easy way to add more security to your data. With 256-bit encryption, you can rest assured that your sensitive data is well protected.