Skip to Content »

Tech Life of Recht » Creating a keystore from a PKCS12 file

Creating a keystore from a PKCS12 file

  • July 23rd, 2006
  • 8:13 pm

Mostly so that I’ll remember it myself: If you have an OpenSSL certificate for Apache mod_ssl or something like that, and would like to use it in Java (e.g. for Tomcat), here’s the way to convert it:

keytool -import -keystore $JAVA_HOME/jre/lib/security/cacerts \
  -file $rootCert

openssl pkcs12 -export -in ssl.domain.com.crt \
  -inkey ssl.domain.com.key -out java.keystore \
  -name newcert -caname root -chain -CAfile $rootCert

For standalone, the new keystore can be used by setting the following properties:

javax.net.ssl.keyStorePassword=changeit
javax.net.ssl.keyStore=java.keystore
javax.net.ssl.keyStoreType=pkcs12

Want your say?

* Required fields. Your e-mail address will not be published on this site

You can use the following XHTML tags:
<a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <strike> <strong>