Kohei Nozaki's blog 

Creating Java KeyStore from X.509 certificate

Posted on Friday Feb 06, 2015 at 10:00PM in Technology


  • Oracle JDK 8u20

  • OpenSSL 0.9.8zc 15 Oct 2014

  • A certificate bought from RapidSSL


  • key.pem: Private key (Created with openssl command as I wrote in previous posting)

  • certificate.txt: Certificate which sent from the seller via email

  • intermediate_ca.txt: Intermediate CA which sent from the seller via email

Create CAFile

curl -O https://raw.githubusercontent.com/bagder/ca-bundle/master/ca-bundle.crt
cat intermediate_ca.txt ca-bundle.crt > allcacerts.crt

Create PKCS12 key store

openssl pkcs12 -export -chain -CAfile allcacerts.crt -in certificate.txt -inkey key.pem -out mykeystore.pkcs12 -name java

Create Java KeyStore

keytool -importkeystore -srckeystore mykeystore.pkcs12 -srcstoretype pkcs12 -srcalias java -destkeystore mykeystore.jks -deststoretype jks -destalias mykey

Show list of entries in key store

keytool -v -list -storetype jks -keystore mykeystore.jks

Now mykeystore.jks is usable for application built upon Java.

No one has commented yet.

Leave a Comment

HTML Syntax: NOT allowed