Importing the private-key/public-certificate pair in the Java KeyStore [duplicate]
With your private key and public certificate, you need to create a PKCS12 keystore first, then convert it into a JKS.
# Create PKCS12 keystore from private key and public certificate.openssl pkcs12 -export -name myservercert -in selfsigned.crt -inkey server.key -out keystore.p12# Convert PKCS12 keystore into a JKS keystorekeytool -importkeystore -destkeystore mykeystore.jks -srckeystore keystore.p12 -srcstoretype pkcs12 -alias myservercert
To verify the contents of the JKS, you can use this command:
keytool -list -v -keystore mykeystore.jks
If this was not a self-signed certificate, you would probably want to follow this step with importing the certificate chain leading up to the trusted CA cert.
A keystore needs a keystore file. The KeyStore
class needs a FileInputStream
. But if you supply null (instead of FileInputStream
instance) an empty keystore will be loaded. Once you create a keystore, you can verify its integrity using keytool
.
Following code creates an empty keystore with empty password
KeyStore ks2 = KeyStore.getInstance("jks"); ks2.load(null,"".toCharArray()); FileOutputStream out = new FileOutputStream("C:\\mykeytore.keystore"); ks2.store(out, "".toCharArray());
Once you have the keystore, importing certificate is very easy. Checkout this link for the sample code.