How to import a certificate to Java Key Store (JKS)

Java programming topics
Post Reply
User avatar
Saman
Lieutenant Colonel
Lieutenant Colonel
Posts: 828
Joined: Fri Jul 31, 2009 10:32 pm
Location: Mount Lavinia

How to import a certificate to Java Key Store (JKS)

Post by Saman » Thu Nov 11, 2010 6:37 pm

  1. First we need to prepare the private key and certificate in DER format. Usually we have them in plain format such as PEM as below.

    Code: Select all

    -----BEGIN CERTIFICATE-----
MIIF1jCCBL6gAwIBAgIHKzDzMq1TIjANBgkqhkiG9
.........
.........
w0BAQUFADCByjELMAkGA1UEkEPuDa6PsFscQA==
-----END CERTIFICATE-----
    Say you have key.pem and cert.pem as your private key and certificate files (in PEM format).

    Code: Select all

    openssl pkcs8 -topk8 -nocrypt -in key.pem -inform PEM -out key.der -outform DER
openssl x509 -in cert.pem -inform PEM -out cert.der -outform DER
    Now you have key.DER and cert.DER created with you.
  2. Next download the attached file.
    ImportKey.zip
    (3.97 KiB) Downloaded 358 times
    It includes both the source and a class file. You can use the class file for now.
  3. Run the following command as below to import these files to JKS.

    Code: Select all

    user@host:~$ java ImportKey key.der cert.der
    Output:

    Code: Select all

    Using keystore-file : /home/user/keystore.ImportKey
One certificate, no chain.
Key and certificate stored.
Alias:importkey  Password:importkey
    Now we have a proper JKS containing our private key and certificate in a file called keystore.ImportKey, using 'importkey' as alias and also as password. For any further changes, like changing the password we can use keytool.
  4. You can change password using following commands.

    Code: Select all

    keytool -storepasswd -keystore /root/keystore.ImportKey
    Enter importkey as current password and enter your new password 2 times.

    Code: Select all

    keytool -keypasswd -alias importkey -keystore /root/keystore.ImportKey
    Enter the new password you put in the previous step, then enter importkey once. After that you are allowed the provide the new password. Enter the same two times.
  5. Now you need to add certificate authority. Lets assume you use GoDaddy.
    Download the CA certificate using,

    Code: Select all

    wget –no-check-certificate https://certificates.godaddy.com/repository/sf_issuing.crt
    Add that to your key file using following command.

    Code: Select all

    keytool -import -alias intermed -file sf_issuing.crt -keystore /root/keystore -storepass changeit -trustcacerts
Top
User avatar
Nipuna
Moderator
Moderator
Posts: 2729
Joined: Mon Jan 04, 2010 8:02 pm
Location: Deraniyagala,SRI LANKA

Re: How to import a certificate to Java Key Store (JKS)

Post by Nipuna » Thu Nov 11, 2010 7:32 pm

Friend you are Doing a Great Service for Us.

I Learned about how to make an text out put from Java from your Previous Post.

Thanks
Top
Post Reply

Return to “Java Programming”