Add SSL certificate to a JKS storage

I have started doing this quite a lot these days so I’d better put a post up here to get rid of all the Google searching 🙂 It’s not that complicated but I know I will forget if I don’t do it for a while.

Lets start with the .p12 file. This is the file that we are going to put into the jks container. For this we have a .crt and .key file from our CA.

First we need to remove any password from the key file

openssl rsa -in server.key -out server.key_nopasswd

You will be prompted for the password of your .key file

Once the key file is without a password we can create the .p12 file

openssl pkcs12 -export -name somename -in server.crt -inkey server.key_nopasswd -out keystore.p12

Now we have the .p12 file. Time to put it into the jks container

keytool -importkeystore -destkeystore mykeystore.jks -srckeystore keystore.p12 -srcstoretype pkcs12 -alias somealias

Lastly we need the CA certificate

keytool -import -keystore mykeystore.jks -file someca.crt -alias someotheralias

That is pretty much it!

Leave a Comment


NOTE - You can use these HTML tags and attributes:
<a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <s> <strike> <strong>