Java keytool: import private key into Java key store (JKS) 

There are 2 notes for this topic, click above title to see all notes.

January 11, 2017 00:40:37    Last update: January 11, 2017 00:41:41
Thank you very much for these instructions. Based on these, I was able to implement a script to automate the conversion of regular certificate/key pair into a JKS.

Apparently, the keytool-executable has improved since this "recipe" was written. Instead of renaming the alias later, it is now possible to specify separate source and destination aliases at the time of importing:
keytool -importkeystore -srckeystore openssl_ca3.p12 -srcstoretype PKCS12 -srcalias 1 -destalias meow

Also, for people doing this in order to use Tomcat with SSL, it is quite important to have the key saved inside the keystore to use the same password as the store's own:
keytool -importkeystore	\
	-srckeystore $p12	\
	-destkeystore "$keystoreFile"	\
	-srcstoretype PKCS12	\
	-srcalias 1	\
	-destalias "$keyAlias"	\
	-keypass "$keystorePass"	\
	-srcstorepass "$keystorePass"	\
	-deststorepass "$keystorePass"	\

Share |
| Comment  | Tags