How can I create keystore from an existing certificate (abc.crt) and abc.key files?

Ssl, Keytool

Ssl Problem Overview


I am trying to import a certificate and a key file into the keystore but I'm unable to do that.

How can I create a keystore by importing both an existing certificate (abc.crt) and abc.key files?

Ssl Solutions


Solution 1 - Ssl

The easiest is probably to create a PKCS#12 file using OpenSSL:

openssl pkcs12 -export -in abc.crt -inkey abc.key -out abc.p12

You should be able to use the resulting file directly using the PKCS12 keystore type.

If you really need to, you can convert it to JKS using keytool -importkeystore (available in keytool from Java 6):

keytool -importkeystore -srckeystore abc.p12 \
        -srcstoretype PKCS12 \
        -destkeystore abc.jks \
        -deststoretype JKS

Solution 2 - Ssl

You must use OpenSSL and keytool.

OpenSSL for CER & PVK file > P12

>openssl pkcs12 -export -name servercert -in selfsignedcert.crt -inkey serverprivatekey.key -out myp12keystore.p12

Keytool for p12 > JKS

>keytool -importkeystore -destkeystore mykeystore.jks -srckeystore myp12keystore.p12 -srcstoretype pkcs12 -alias servercert

Solution 3 - Ssl

Adding to @MK Yung's and @Bruno's answers: do enter a password for the destination keystore. I saw my console hanging when I entered the command without a password.

openssl pkcs12 -export -in abc.crt -inkey abc.key -out abc.p12 -name localhost -passout pass:changeit

Solution 4 - Ssl

In addition to @Bruno's answer, you need to supply the -name for the alias, otherwise Tomcat will throw an "Alias name tomcat does not identify a key entry" error.

Sample Command: openssl pkcs12 -export -in localhost.crt -inkey localhost.key -out localhost.p12 -name localhost

Solution 5 - Ssl

If the keystore is for Tomcat, then after creating the keystore with the above answers, you must add a final step to create the "tomcat" alias for the key:

keytool -changealias -alias "1" -destalias "tomcat" -keystore keystore-file.jks

You can check the result with:

keytool -list -keystore keystore-file.jks -v

Solution 6 - Ssl

Ideally you should have received 3 files: ca_bundle.crt, yourname.crt and yourname.key

Use the following command to create the PKCS12 version of it:

openssl pkcs12 -export -out yourname.pfx -inkey yourname.key -in yourname.crt -certfile ca_bundle.crt

Then you will need to import it into a keystore that is easy to configure in Apache:

keytool -importkeystore -srckeystore yourname.pfx -srcstorepass yourpassword -srcstoretype pkcs12 -destkeystore yourkeystore.jks -deststoretype jks -deststorepass yourkeystorepassword
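
A scripted version of the PKCS#12 step used in the answers above, written as an added example and not taken from any of the answers. It confirms that the certificate and key belong together before exporting, passes the password through an environment variable instead of pass: on the command line, and checks the alias afterwards. The function names and the P12_PASS variable are assumptions of this example, and the key file is assumed to be unencrypted.

```shell
#!/bin/sh
# Added example (not from the answers): build a PKCS#12 keystore from an
# existing certificate and private key, with checks before and after.
# Function names and the P12_PASS variable are assumptions of this example.

# cert_matches_key CRT KEY
# Succeeds only if the certificate and the private key carry the same public key.
# Returns 2 if either file cannot be parsed.
cert_matches_key() {
    cert_pub=$(openssl x509 -in "$1" -noout -pubkey) || return 2
    key_pub=$(openssl pkey -in "$2" -pubout) || return 2
    [ -n "$cert_pub" ] && [ "$cert_pub" = "$key_pub" ]
}

# make_p12 CRT KEY OUT ALIAS
# The password is read from $P12_PASS (env:), so it does not show up in the
# process argument list or shell history the way "-passout pass:..." does.
make_p12() {
    [ -n "${P12_PASS:-}" ] || { echo "P12_PASS is not set" >&2; return 1; }
    cert_matches_key "$1" "$2" || {
        echo "certificate and key do not match" >&2
        return 1
    }
    export P12_PASS
    (
        umask 077   # the keystore contains the private key: owner-only access
        openssl pkcs12 -export -in "$1" -inkey "$2" -out "$3" \
            -name "$4" -passout env:P12_PASS
    )
}

# p12_has_alias P12 ALIAS
# Confirms the store opens with $P12_PASS and holds an entry with that alias
# (OpenSSL prints the alias as the "friendlyName" bag attribute).
p12_has_alias() {
    openssl pkcs12 -in "$1" -passin env:P12_PASS -nokeys 2>/dev/null |
        grep -q "friendlyName: $2"
}

# Usage, with the file names from the question:
#   P12_PASS='...' make_p12 abc.crt abc.key abc.p12 localhost
#   p12_has_alias abc.p12 localhost && echo "alias present"
```

The resulting abc.p12 can be used directly as a PKCS12 keystore or fed to the keytool -importkeystore commands shown in the answers.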

Attributions

All content for this solution is sourced from the original question on Stackoverflow.

The content on this page is licensed under the Attribution-ShareAlike 4.0 International (CC BY-SA 4.0) license.

Content Type | Original Author | Original Content on Stackoverflow
Question | Ravi Jain | View Question on Stackoverflow
Solution 1 - Ssl | Bruno | View Answer on Stackoverflow
Solution 2 - Ssl | Shivan A. | View Answer on Stackoverflow
Solution 3 - Ssl | Swarna | View Answer on Stackoverflow
Solution 4 - Ssl | MK Yung | View Answer on Stackoverflow
Solution 5 - Ssl | Theo | View Answer on Stackoverflow
Solution 6 - Ssl | Diceyus | View Answer on Stackoverflow