
Matthew Ahrenstein

Security Focused SRE for an amazing company, hiker, amateur radio operator, target shooter, developer, and cryptocurrency enthusiast.


I recently had to configure a server that uses a Java KeyStore for SSL certificate information. The issue was importing existing keys and certs. After spending too much time on this, I’m writing a post about it so I never have to look for this info again. Hopefully this is helpful to others as well.

Step 1: Add a password to your SSL key

The SSL key requires a password in order for Java Keytool to import it:

    openssl rsa -des3 -in www.route1337.com.key -out www.route1337.com.pwdkey

Step 2: Create an All-In-One PEM file

We need a single file that contains the SSL key, SSL cert, and CA bundle (in that order) for the conversion to PKCS12:

    cat www.route1337.com.pwdkey www.route1337.com.crt www.route1337.com.cabundle > aio.pem

Step 3: Convert the All-In-One PEM file to PKCS12

Java needs PKCS12 as a source to import into JKS KeyStores. The following command will convert aio.pem to a PKCS12 KeyStore:

    openssl pkcs12 -export -out aio.pkcs12 -in aio.pem

Step 4: Create a Java KeyStore from your PKCS12 KeyStore

Now we create a Java KeyStore from the PKCS12 KeyStore. Note: The KeyStore password you create must be the same as the SSL key’s password from Step 1. Also, the destination KeyStore (the last argument) must not already exist.

    keytool -v -importkeystore -srckeystore aio.pkcs12 -srcstoretype PKCS12 -destkeystore route1337JavaSite.jks

That’s it. You now have a Java KeyStore that contains SSL information that was already on hand.
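A pre-flight check for the Step 2 bundle, added here as an example and not part of the original post: it confirms that aio.pem holds exactly one password-protected private key first, followed by certificates, and catches the case where `cat` glues two blocks onto one line because a source file lacked a trailing newline. `check_aio_pem` is a hypothetical helper name, and the sample bundle is constructed with placeholder bodies.

```shell
#!/bin/sh
# Added example: pre-flight check of the Step 2 bundle before running Step 3.
# check_aio_pem is a hypothetical helper name, not an OpenSSL or keytool command.
check_aio_pem() {
    awk '
    function label(s) { sub(/^-----(BEGIN|END) /, "", s); sub(/-----.*$/, "", s); return s }
    function fail(msg) { print "aio.pem check: " msg; bad = 1 }
    # cat glues two blocks onto one line when a source file lacks a final newline
    /-----END [A-Z0-9 ]+-----.*-----BEGIN / { fail("blocks glued together on line " NR) }
    /^-----BEGIN [A-Z0-9 ]+-----/ {
        if (cur != "") { fail("BEGIN inside unclosed " cur " block on line " NR) }
        cur = label($0); n++
        if (cur ~ /PRIVATE KEY$/) {
            keys++
            if (n != 1) { fail("private key is block " n ", it must come first") }
            if (cur == "ENCRYPTED PRIVATE KEY") { enc = 1 }   # PKCS#8 encrypted key
        } else if (cur == "CERTIFICATE") { certs++ }
        else { fail("unexpected block type: " cur) }
        next
    }
    # Traditional-format keys record encryption in a header line instead
    /^Proc-Type: 4,ENCRYPTED/ { if (cur ~ /PRIVATE KEY$/) { enc = 1 } }
    /^-----END [A-Z0-9 ]+-----/ {
        if (label($0) != cur) { fail("END on line " NR " does not close an open block") }
        cur = ""
    }
    END {
        if (cur != "") { fail("unterminated " cur " block") }
        if (keys != 1) { fail("expected 1 private key, found " (keys + 0)) }
        else if (!enc) { fail("private key is not password-protected") }
        if (certs < 1) { fail("no certificate in the bundle") }
        exit bad + 0
    }' "$1"
}

# Constructed sample (placeholder bodies, not real key material): key, cert, CA cert.
demo=$(mktemp)
printf '%s\n' '-----BEGIN ENCRYPTED PRIVATE KEY-----' 'Q09OU1RSVUNURUQ=' \
    '-----END ENCRYPTED PRIVATE KEY-----' \
    '-----BEGIN CERTIFICATE-----' 'Q09OU1RSVUNURUQ=' '-----END CERTIFICATE-----' \
    '-----BEGIN CERTIFICATE-----' 'Q09OU1RSVUNURUQ=' '-----END CERTIFICATE-----' > "$demo"
check_aio_pem "$demo" && echo "bundle order OK"
rm -f "$demo"
```

The function returns non-zero and prints one line per problem, so it can gate the `openssl pkcs12 -export` step in a script.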