How to import an existing X.509 certificate and private key in Java keystore to use in SSL?



I used the following two steps which I found in the comments/posts linked in the other answers:

Step one: Convert the X.509 cert and key to a PKCS12 file

openssl pkcs12 -export -in server.crt -inkey server.key \
    -out server.p12 -name [some-alias] \
    -CAfile ca.crt -caname root

Note: Make sure you put a password on the pkcs12 file - otherwise you'll get a null pointer exception when you try to import it. (In case anyone else had this headache). (Thanks jocull!)

Note 2: You might want to add the -chain option to preserve the full certificate chain. (Thanks Mafuba)

Step two: Convert the PKCS12 file to a Java keystore

keytool -importkeystore \
    -deststorepass [changeit] -destkeypass [changeit] -destkeystore server.keystore \
    -srckeystore server.p12 -srcstoretype PKCS12 -srcstorepass some-password \
    -alias [some-alias]

Finished

OPTIONAL Step zero: Create self-signed certificate

openssl genrsa -out server.key 2048
openssl req -new -out server.csr -key server.key
openssl x509 -req -days 365 -in server.csr -signkey server.key -out server.crt

Cheers!


Keytool in Java 6 does have this capability: Importing private keys into a Java keystore using keytool

Here are the basic details from that post.

  1. Convert the existing cert to a PKCS12 using OpenSSL. A password is required when asked or the 2nd step will complain.

    openssl pkcs12 -export -in [my_certificate.crt] -inkey [my_key.key] \
        -out [keystore.p12] -name [new_alias] \
        -CAfile [my_ca_bundle.crt] -caname root
  2. Convert the PKCS12 to a Java Keystore File.

    keytool -importkeystore \
        -deststorepass [new_keystore_pass] -destkeypass [new_key_pass] -destkeystore [keystore.jks] \
        -srckeystore [keystore.p12] -srcstoretype PKCS12 -srcstorepass [pass_used_in_p12_keystore] \
        -alias [alias_used_in_p12_keystore]


Believe it or not, keytool does not provide such basic functionality as importing a private key into a keystore. You can try this workaround, merging a PKCS12 file containing the private key into a keystore:

keytool -importkeystore \
    -deststorepass storepassword \
    -destkeypass keypassword \
    -destkeystore my-keystore.jks \
    -srckeystore cert-and-key.p12 \
    -srcstoretype PKCS12 \
    -srcstorepass p12password \
    -alias 1

Or just use more user-friendly KeyMan from IBM for keystore handling instead of keytool.
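All three answers above describe the same OpenSSL-to-keytool procedure (optional step zero, PKCS12 export, `-importkeystore`). The script below is an added example, not code from any of the answers or from the OpenSSL or JDK projects: it builds a throwaway root CA and a server certificate issued by it, runs the two conversion steps with the `-chain`/`-CAfile` and non-empty-password points from the notes, and then checks the result the way you would before deploying it: the alias must be a `PrivateKeyEntry`, and the chain length must show the issuer was kept. It assumes `openssl` (1.1.1 or later) and the JDK's `keytool` are on `PATH`; every file name, subject and password is a constructed demo value.

```shell
#!/bin/sh
# Added example (not from the answers above). Assumes openssl and keytool on PATH.
set -eu

# Create a demo root CA and a server cert issued by it (constructed demo PKI),
# so the exported PKCS12 carries a real chain (root + leaf), not a lone cert.
make_demo_pki() {
    dir=$1
    mkdir -p "$dir"
    openssl req -x509 -newkey rsa:2048 -nodes -days 365 -subj "/CN=Demo Root CA" \
        -keyout "$dir/ca.key" -out "$dir/ca.crt" 2>/dev/null
    openssl req -newkey rsa:2048 -nodes -subj "/CN=demo.example" \
        -keyout "$dir/server.key" -out "$dir/server.csr" 2>/dev/null
    openssl x509 -req -days 365 -in "$dir/server.csr" \
        -CA "$dir/ca.crt" -CAkey "$dir/ca.key" -CAcreateserial \
        -out "$dir/server.crt" 2>/dev/null
}

# Step one + step two. $1 = work dir, $2 = alias, $3 = password for the
# PKCS12 export, the JKS store and the key (one value keeps the demo short).
convert_to_keystore() {
    dir=$1; alias=$2; pass=$3
    # Step one: the export password must be non-empty, otherwise keytool
    # fails on import (the null pointer exception mentioned in the first
    # answer). -chain pulls the issuer certs from -CAfile into the bundle.
    openssl pkcs12 -export -in "$dir/server.crt" -inkey "$dir/server.key" \
        -CAfile "$dir/ca.crt" -caname root -chain -name "$alias" \
        -passout "pass:$pass" -out "$dir/server.p12"
    # Step two: copy the PKCS12 entry (key + chain) into a JKS keystore.
    keytool -importkeystore -noprompt \
        -srckeystore "$dir/server.p12" -srcstoretype PKCS12 -srcstorepass "$pass" \
        -srcalias "$alias" -destalias "$alias" \
        -destkeystore "$dir/server.jks" -deststoretype JKS \
        -deststorepass "$pass" -destkeypass "$pass" >/dev/null 2>&1
}

# Post-import check 1: print the entry type for an alias. A TLS server needs
# "PrivateKeyEntry"; a "trustedCertEntry" has no key and cannot serve.
# $1 = keystore path, $2 = store password, $3 = alias
keystore_entry_type() {
    keytool -list -v -keystore "$1" -storepass "$2" -alias "$3" 2>/dev/null \
        | sed -n 's/^Entry type: //p'
}

# Post-import check 2: print how many certificates are stored with the key.
# 1 means the issuer chain was dropped at export; the demo PKI yields 2.
keystore_chain_length() {
    keytool -list -v -keystore "$1" -storepass "$2" -alias "$3" 2>/dev/null \
        | sed -n 's/^Certificate chain length: //p'
}

# Usage: sh convert.sh run
if [ "${1:-}" = "run" ]; then
    work=$(mktemp -d)
    make_demo_pki "$work"
    convert_to_keystore "$work" server demo-pass
    echo "entry type:   $(keystore_entry_type "$work/server.jks" demo-pass server)"
    echo "chain length: $(keystore_chain_length "$work/server.jks" demo-pass server)"
fi
```

The two `keytool -list -v` checks are the ones worth keeping in a deployment pipeline: an entry imported without its private key, or with a truncated chain, only shows up later as a failed TLS handshake or an "unable to find valid certification path" error on the client. On JDK 9 and later, keytool warns that JKS is a proprietary format; the PKCS12 file from step one can be used directly as the keystore (`-storetype PKCS12`) if the application supports it, which is a fact about keytool, not something the answers state.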