0

I have a SSL certificate I'm trying to import in a Java keystore in order to switch some old application to SSL. I am unfamiliar with everything Java. I have the .crt, .key and .ca bundle files but not clue what formats they're in.

com.cabundle:

-----BEGIN CERTIFICATE-----
MIIEkjC....

com.crt:

-----BEGIN CERTIFICATE-----
MIIGDjCCBPag...

com.key:

-----BEGIN PRIVATE KEY-----
MIIEvAIBADANBg.....

I've tried following this guide: https://docs.oracle.com/cd/E35976_01/server.740/es_admin/src/tadm_ssl_convert_pem_to_jks.html but I get all sorts of garbage errors I can't make anything out of. I just don't get it.

My java configuration file needs this:

# SSL configuration (disabled by default)
# ssl-enabled=true|false
# ssl-key-store=
# ssl-key-store-password=
# ssl-key-store-type=jks

How can I do this?

Improve this question

1 Answer 1

Reset to default
2

These are PEM format certificates. Before they can be imported, you must merge them into a PKCS12 format cert

openssl pkcs12 -export -in com.crt -inkey com.key -out temp.p12 -name com -CAfile com.cabundle -caname root -chain

Ensure you assign a password - keytool won't import passwordless PKCS12 files

keytool -importkeystore -deststorepass [your-password-here] -destkeypass [your-password-here] -destkeystore out.jks -srckeystore temp.p12 -srcstoretype PKCS12 -srcstorepass password-created-in-last-step -alias whatever
Improve this answer
Sign up to request clarification or add additional context in comments.

11 Comments

I get this error when I try to import the key in the keystore: keytool error: java.lang.Exception: Input not an X.509 certificate
see my edit - I thought keytool took PEM natively. It does not
what does the "-alias com" part do? should I change "com" back to my domain name? what I have is a wildcard certificate for *.example.com
alias is the name of the certificate within the keystore. It can be anything you want
I assume I have to import the CA certificate and key file as well?
|

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.