Importing a certificate into a Java keystore

This document describes the steps needed to import or convert a certificate into a Java keystore. The keystore can be used with Tomcat or other Java applications.

Converting the certificate to PKCS12 format

Execute the following command to convert an X.509-encoded certificate and private key into a PKCS12-encoded certificate:

openssl pkcs12 -export -in <certificate.crt> -inkey <certificate.key> -out <certificate.p12> -name <cert-name> -CAfile <cacert.pem> -caname <ca-name> -chain

Please write down the passphrase you used to encode the PKCS12-encoded certificate; you will need it in later steps.

Importing the PKCS12 certificate into a keystore

Convert the PKCS12 encoded certificate into a Java keystore, by executing:

keytool -importkeystore -srckeystore <certificate.p12> -srcstoretype PKCS12 -srcstorepass '<PKCS12 passphrase>' -alias tomcat -deststorepass '<keystore password>' -destkeypass '<keystore password>' -destkeystore <keystore filename>

Adding the root CA into the keystore

keytool -import -trustcacerts -alias <CA> -file <cacert.pem> -keystore <keystore filename>
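
The three steps above as one script, added here as an example (it is not part of the original page). It passes the passphrases through files, using openssl's `-passout file:` and keytool's `:file` password modifier, so they stay out of the process list and shell history, and it uses keytool's `-srcalias`/`-destalias` options so the entry named with `-name` is stored under the alias `tomcat`. The function names, file names, the `root` alias and the sample certificates are constructed assumptions.

```shell
#!/bin/sh
# Added example, not from the original page. Function names, file names and
# the "root" CA alias are assumptions; all sample data is constructed.

# make_sample DIR: throwaway CA, server key/certificate and passphrase files.
make_sample() (
    cd "$1" && umask 077 || exit 1
    openssl req -x509 -newkey rsa:2048 -nodes -days 2 -subj "/CN=Constructed Test CA" \
        -keyout ca.key -out cacert.pem 2>/dev/null || exit 1
    openssl req -newkey rsa:2048 -nodes -subj "/CN=constructed.example.test" \
        -keyout server.key -out server.csr 2>/dev/null || exit 1
    openssl x509 -req -in server.csr -CA cacert.pem -CAkey ca.key -CAcreateserial \
        -days 1 -out server.crt 2>/dev/null || exit 1
    printf '%s\n' 'constructed-p12-passphrase' > p12.pass
    printf '%s\n' 'constructed-keystore-password' > ks.pass
)

# build_keystore CRT KEY CACERT NAME P12_PASSFILE KS_PASSFILE KEYSTORE
# Assumes an unencrypted private key, as in the page's openssl command.
build_keystore() (
    crt=$1 key=$2 ca=$3 name=$4 p12pw=$5 kspw=$6 ks=$7
    umask 077                       # keystore and temp files: owner-only
    p12=$(mktemp) || exit 1
    trap 'rm -f "$p12"' EXIT        # do not leave the PKCS12 copy of the key behind
    # Step 1: certificate, key and CA chain into a PKCS12 file
    openssl pkcs12 -export -in "$crt" -inkey "$key" -out "$p12" -name "$name" \
        -CAfile "$ca" -caname root -chain -passout "file:$p12pw" || exit 1
    # Step 2: PKCS12 into the Java keystore, stored under alias "tomcat"
    keytool -importkeystore -noprompt -srckeystore "$p12" -srcstoretype PKCS12 \
        -srcstorepass:file "$p12pw" -srcalias "$name" -destalias tomcat \
        -destkeystore "$ks" -deststorepass:file "$kspw" \
        -destkeypass:file "$kspw" || exit 1
    # Step 3: root CA as a trusted certificate entry
    keytool -import -noprompt -trustcacerts -alias root -file "$ca" \
        -keystore "$ks" -storepass:file "$kspw" || exit 1
    # Check: one private key entry and one trusted CA entry must be present
    keytool -list -keystore "$ks" -storepass:file "$kspw" -alias tomcat |
        grep -q PrivateKeyEntry || exit 1
    keytool -list -keystore "$ks" -storepass:file "$kspw" -alias root |
        grep -q trustedCertEntry
)

# Usage: d=$(mktemp -d) && make_sample "$d" && build_keystore "$d/server.crt" \
#   "$d/server.key" "$d/cacert.pem" server "$d/p12.pass" "$d/ks.pass" "$d/keystore"
```

The function returns non-zero if any step fails or if the finished keystore lacks either entry, so it can gate a deployment script.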

-- Ivo van Geel - 13 Jun 2013

Topic revision: r2 - 15 Jul 2017 - IvoVanGeel