I recently had to configure a server that uses a Java KeyStore for SSL certificate information. The issue was importing existing keys and certs. After spending too much time on this, I’m writing a post about it so I never have to look for this info again.
Hopefully this is helpful to others as well.
Step 1: Add a password to your SSL key:
The SSL key requires a password in order for Java Keytool to import it:
openssl rsa -des3 -in www.route1337.com.key -out www.route1337.com.pwdkey
Step 2: Create an All-In-One PEM file
We need a single file that contains the SSL key, SSL cert, and CA bundle (in that order) for the conversion to PKCS12.
cat www.route1337.com.pwdkey www.route1337.com.crt www.route1337.com.cabundle > aio.pem
Step 3: Convert the All-In-One PEM file to PKCS12
Java needs PKCS12 as a source to import into JKS KeyStores. The following command converts aio.pem to a PKCS12 KeyStore:
openssl pkcs12 -export -out aio.pkcs12 -in aio.pem
Step 4: Create a Java KeyStore from your PKCS12 KeyStore
Now we create a Java KeyStore from the PKCS12 KeyStore. Note: The KeyStore password you create must be the same as the SSL key’s password from Step 1. Also, the final destination KeyStore must not already exist.
keytool -v -importkeystore -srckeystore aio.pkcs12 -srcstoretype PKCS12 -destkeystore route1337JavaSite.jks
That’s it. You now have a Java KeyStore that contains SSL information that was already on hand.
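As an added example (not part of the original post), the shell function below checks the all-in-one PEM from Step 2 before it goes into the PKCS12 conversion: the private key must be the first block, password-protected as in Step 1, and followed by at least one certificate. The function name check_aio_pem, its exit codes and the sample data are assumptions of this example; OpenSSL can write a protected key in either of the two PEM forms the check recognises.

```sh
#!/bin/sh
# Added example, not from the original post. check_aio_pem is a hypothetical
# helper; its exit codes are this example's own convention:
#   0 ok   1 unreadable file or no PEM blocks   2 key missing, not first, or
#   repeated   3 key not password-protected   4 no certificate after the key
check_aio_pem() {
    [ -r "$1" ] || { echo "cannot read $1" >&2; return 1; }
    awk '
        function fail(code, msg) { print msg > "/dev/stderr"; exit code }
        { sub(/\r$/, "") }                    # tolerate CRLF line endings
        /^-----BEGIN .*-----$/ {
            n++
            label = $0
            gsub(/^-----BEGIN |-----$/, "", label)
            if (label ~ /PRIVATE KEY$/) {
                keys++
                if (n == 1) key_first = 1
                # PKCS#8 output: encryption shows in the label itself
                if (label == "ENCRYPTED PRIVATE KEY") encrypted = 1
                in_key = 1
            } else if (label == "CERTIFICATE") {
                certs++
            }
            next
        }
        /^-----END / { in_key = 0; next }
        # Traditional output: encryption shows as a header inside the block
        in_key && /^Proc-Type: 4,ENCRYPTED/ { encrypted = 1 }
        END {
            if (n == 0)                  fail(1, "no PEM blocks found")
            if (!key_first || keys != 1) fail(2, "need exactly one private key, as the first block")
            if (!encrypted)              fail(3, "private key is not password-protected (Step 1)")
            if (certs == 0)              fail(4, "no certificate follows the key")
            print "ok: key first, then " certs " certificate(s)"
        }
    ' "$1"
}
# Constructed sample (placeholder bodies; only the PEM framing is inspected):
# an unprotected key followed by one certificate, which the check rejects.
demo() {
    tmp=$(mktemp) || return 1
    printf '%s\n' '-----BEGIN RSA PRIVATE KEY-----' 'QUJD' '-----END RSA PRIVATE KEY-----' \
        '-----BEGIN CERTIFICATE-----' 'QUJD' '-----END CERTIFICATE-----' > "$tmp"
    check_aio_pem "$tmp"; rc=$?
    rm -f "$tmp"
    return "$rc"
}
if [ $# -gt 0 ]; then check_aio_pem "$1"; else demo || echo "demo rejected, status $?"; fi
```

Run it with the Step 2 file as its argument (for example aio.pem) to check a real bundle; with no argument it runs the constructed sample.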