When you work with Java applications and Java-based servers, you may need to configure a Java KeyStore (JKS) file. A self-signed keystore can easily be created with the keytool command. But if you have a private key and a CA-signed certificate for it, you cannot create a keystore with a single keytool command.
You need to go through the following steps to get it done.
Step 1. Create a PKCS 12 file using your private key and its CA-signed certificate. You can use the openssl command for this.
openssl pkcs12 -export -in [path to certificate] -inkey [path to private key] -certfile [path to certificate] -out testkeystore.p12
If your private key has a password, you will be prompted to enter it. You need to define a password for the PKCS 12 file as well.
As an example, say I have a private key called “server.pem” and a certificate called “servercret.pem”.
asela@localhost:~/svn/demo/keystores/casigned$ openssl pkcs12 -export -in servercret.pem -inkey server.pem -certfile servercret.pem -out testkeystore.p12
Enter pass phrase for server.pem:
Enter Export Password:
Verifying - Enter Export Password:
asela@localhost:~/svn/demo/keystores/casigned$
Step 2. Create the JKS file using the keytool command.
keytool -importkeystore -srckeystore testkeystore.p12 -srcstoretype pkcs12 -destkeystore wso2carbon.jks -deststoretype JKS
The PKCS 12 file created in Step 1 is given as the source keystore, and the new file name (wso2carbon.jks) is given as the destination keystore.
As an example,
asela@localhost:~/svn/demo/keystores/casigned$ keytool -importkeystore -srckeystore testkeystore.p12 -srcstoretype pkcs12 -destkeystore wso2carbon.jks -deststoretype JKS
Enter destination keystore password:
Re-enter new password:
Enter source keystore password:
Entry for alias 1 successfully imported.
Import command completed: 1 entries successfully imported, 0 entries failed or cancelled
asela@localhost:~/svn/demo/keystores/casigned$
As additional steps, you can change the private key password in the created JKS file and also the alias name of your private key entry.
Step 3 (Optional). Change the password of the private key in the keystore. More details are available here as well.
keytool -keypasswd -alias [Alias name for private key] -keystore [path to key store]
Step 4 (Optional). Change the alias name of the private key entry
keytool -changealias -keystore [path to key store] -alias [current alias]
By default [current alias] is set to “1”
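Steps 1 and 2 as a non-interactive script, added here as an example that is not part of the original post: it first checks that the private key really belongs to the certificate, sets the alias at export time, and reads passwords from environment variables so they stay off the command line and out of shell history. The function names, the alias, and the P12_PASS and JKS_PASS variable names are assumptions.

```shell
#!/bin/sh
# Added example, not from the original post. File names, the alias and the
# P12_PASS / JKS_PASS environment variable names are assumptions.

# Succeeds only if the certificate ($1) and private key ($2) share a public key.
key_matches_cert() {
  cert_pub=$(openssl x509 -in "$1" -noout -pubkey) || return 1
  key_pub=$(openssl pkey -in "$2" -pubout) || return 1
  [ -n "$cert_pub" ] && [ "$cert_pub" = "$key_pub" ]
}

# Step 1: build the PKCS 12 file. -name sets the alias up front, so the entry
# does not end up under the default alias "1". Password comes from $P12_PASS.
make_p12() {  # $1=cert $2=key $3=out.p12 $4=alias
  key_matches_cert "$1" "$2" || { echo "key does not match certificate" >&2; return 1; }
  openssl pkcs12 -export -in "$1" -inkey "$2" -name "$4" -out "$3" \
    -passout env:P12_PASS
}

# Print the alias (friendlyName) stored in a PKCS 12 file.
p12_alias() {
  openssl pkcs12 -in "$1" -nokeys -passin env:P12_PASS |
    sed -n 's/^ *friendlyName: //p' | head -n 1
}

# Step 2: import into a JKS file without prompts.
p12_to_jks() {  # $1=in.p12 $2=out.jks
  keytool -importkeystore -noprompt -srckeystore "$1" -srcstoretype pkcs12 \
    -srcstorepass:env P12_PASS -destkeystore "$2" -deststoretype JKS \
    -deststorepass:env JKS_PASS
}

# Usage, after exporting P12_PASS and JKS_PASS:
#   make_p12 servercret.pem server.pem testkeystore.p12 server
#   p12_to_jks testkeystore.p12 wso2carbon.jks
```

If the private key is itself encrypted, openssl still prompts for its pass phrase as in Step 1.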
Thanks for reading…!!! Also you can find more details on creating self signed KeyStore from here