Importing an existing SSL key/certificate pair into a Java keystore
You need: Java 6 and openssl.
1. Suppose you have a certificate and key in PEM format. The key is named host.key and the certificate host.crt.
2. The first step is to convert them into a single PKCS12 file using the command: openssl pkcs12 -export -in host.crt -inkey host.key > host.p12. You will be asked for various passwords (the password to access the key (if set) and then the password for the PKCS12 file being created).
3. Then import the PKCS12 file into a keystore using the command: keytool -importkeystore -srckeystore host.p12 -destkeystore host.jks -srcstoretype pkcs12. You now have a keystore named host.jks containing the certificate/key you need.
For the sake of completeness here’s the output of a full session I performed:
$ openssl pkcs12 -export -in host.crt -inkey host.key > host.p12 Enter pass phrase for host.key: Enter Export Password: Verifying - Enter Export Password: $ keytool -importkeystore -srckeystore host.p12 -destkeystore host.jks -srcstoretype pkcs12 Enter destination keystore password: Re-enter new password: Enter source keystore password: Entry for alias 1 successfully imported. Import command completed: 1 entries successfully imported, 0 entries failed or cancelled