![(please configure the [header_logo] section in trac.ini)](/chrome/site/your_project_logo.png){kind=logo}
Import SSL certificate and keystore
If you would like to import a CRT and key file into a java keystore convert it to a PKCS12 file using the following command:
openssl pkcs12 -export -in input.crt -inkey input.key -certfile root.crt -out bundle.p12
Once converted to PKCS12 it can be imported (converted) into a Java keystore using the following:
keytool -importkeystore -deststorepass changeit -destkeypass changeit -destkeystore keystore.jks -srckeystore bundle.p12 -srcstoretype PKCS12 -srcstorepass changeit -alias 1
Keychain PKCS12
For some reason the PKCS12 file exported from the keychain didn't work. So to use a file exported from keychain we first need to convert it into a PEM format
openssl pkcs12 -in Certificates.p12 -out cert.cer -nodes
Once converted to PEM a separate PKCS12 file can be created using the following command
openssl pkcs12 -export -in cert.cer -inkey cert.cer -out bundle.p12
The generated PKCS12 can be converted into a Java keystore with the command shown above.
Credit to http://cunning.sharp.fm/2008/06/importing%5Fprivate%5Fkeys%5Finto%5Fa.html
The keystore file should be referenced in the server.xml configuration file in tomcat.
Java Keytool Commands for Creating and Importing
These commands allow you to generate a new Java Keytool keystore file, create a CSR, and import certificates. Any root or intermediate certificates will need to be imported before importing the primary certificate for your domain.
Generate a Java keystore and key pair
keytool -genkey -alias mydomain -keyalg RSA -keystore keystore.jks -keysize 2048
Generate a certificate signing request (CSR) for an existing Java keystore
keytool -certreq -alias mydomain -keystore keystore.jks -file mydomain.csr
Import a root or intermediate CA certificate to an existing Java keystore
keytool -import -trustcacerts -alias root -file Thawte.crt -keystore keystore.jks
Import a signed primary certificate to an existing Java keystore
keytool -import -trustcacerts -alias mydomain -file mydomain.crt -keystore keystore.jks
Generate a keystore and self-signed certificate (see How to Create a Self Signed Certificate using Java Keytool for more info)
keytool -genkey -keyalg RSA -alias selfsigned -keystore keystore.jks -storepass password -validity 360 -keysize 2048
Java Keytool Commands for Checking
If you need to check the information within a certificate, or Java keystore, use these commands.
Check a stand-alone certificate
keytool -printcert -v -file mydomain.crt
Check which certificates are in a Java keystore
keytool -list -v -keystore keystore.jks
Check a particular keystore entry using an alias
keytool -list -v -keystore keystore.jks -alias mydomain
Other Java Keytool Commands
Delete a certificate from a Java Keytool keystore
keytool -delete -alias mydomain -keystore keystore.jks
Change a Java keystore password
keytool -storepasswd -new new_storepass -keystore keystore.jks
Export a certificate from a keystore
keytool -export -alias mydomain -file mydomain.crt -keystore keystore.jks
List Trusted CA Certs
keytool -list -v -keystore $JAVA_HOME/jre/lib/security/cacerts
Import New CA into Trusted Certs
keytool -import -trustcacerts -file /path/to/ca/ca.pem -alias CA_ALIAS -keystore $JAVA_HOME/jre/lib/security/cacerts
Credit to http://www.sslshopper.com/article-most-common-java-keytool-keystore-commands.html
