Moje zdjęcie
Software Craftsman's Blog by Marcin Pieciukiewicz
Java and Scala development

Monday, September 5, 2016

Generating Java JKS keystore file from PEM files

Lately I had to configure SSL/https certificate for our Java based application. To do so I needed Java Key Store file (*.jks), that was not delivered by our certificate provider. Instead I had available only binary or text based certificate files. This means I had to generate JKS from those files. Below is the instruction how to do this:

You will need:
  1. Certificate file for your domain
  2. Private key for this certificate
  3. Intermediate certificates
  4. Root CA certificate
For certificate files I've used *.pem format as it is common and easy to handle (those are Base64 encoded text files).

So to generate JKS file from PEM files do this:

1. Bundle pem files into single file, The order of those files is very important, and should be like this: first main certificate, then intermediate certificates in the same order as they were on the page, and rootCA at the end)

$ cat certificate.pem inter1.pem inter2.pem inter3.pem inter4.pem rootCA.pem > bundle.pem

2. Generate pkcs12 (from bundle.pem and private.key)

$ openssl pkcs12 -export -inkey private.key -in bundle.pem -out yourdomain.com.p12 -name yourdomain.com

3. Generate *.jsk file

$keytool -importkeystore -destkeystore yourdomain.com.jks -srckeystore yourdomain.com.p12 -srcstoretype PKCS12 -alias yourdomain.com

In the end you will have yourdomain.com.jks file that can be imported to you application.

1 comment:

  1. Thanks for sharing such a wonderful Post with us. I learnt alot from your post. I am appreciating from you to you will share more
    information about it. Please keep sharing. Thanks Alot
    Sony laptop Service Center in Ameerpet, Hyderabad.
    Best Laptop Service Center in Ameerpet, Hyderabad.

    ReplyDelete