August 2016
« Jul   Nov »

How to create keystore/jks file from SSL certifcate and Private key

Recently I had a challenge to install SSL certificate on Java based web server. The customer has certificate file, CA bundle and private key file. During the Googling it is found that we can not generate JKS file directly from the given certificate and private key file. JKS/keypair creation procedure are showing below,

1. Generate Public-Key Cryptography Standards (PKCS) file from certificate and private key file.

[root@web12]# openssl pkcs12 -export -name s1as  -in -inkey -out

2. Create key store file from PKCS12 file.
Note : You should specify the exact name of keystore file name and alias name which was already set in expired certificate file configured on Tomcat/Glassfish server. My case, I’d hard-coded the alias name is s1as and keystore password. So keystore password,keystore file name and Alias names are retained this stage.

[root@web12]# keytool -importkeystore -destkeystore keystore.jks -srckeystore -srcstoretype pkcs12 -alias s1as

3. You need to download the java based SSL certificate bundled file (p7b/p7s format) which provided by the Certificate Authority and install in to created Key store file. This bundled ssl certificate file would have certificate along with their CA bundle/Root certificate included. We just need to import in to our Keystore file.

[root@web12]#keytool -import -keystore  keystore.jks  -alias s1as  -file

Now you have everything included in your JKS (keystore.jks) file which is protected by a keystore password. Keystore password should be set during the JKS file creation time as well as this file is being operated for any activities.

Note : The certificate file mydomain.crt itself resemble is a public key file which will match with private key file used to create during the CSR generation time.

Go and enjoy the SSL protection on your Java based web server.

Leave a Reply

You can use these HTML tags

<a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <s> <strike> <strong>