Import private key and certificate into Java keystore
Posted in Operating Systems, Linux, Fedora, Debian, Suse, Red Hat, Tools, Services on Monday, January 14, 2013 by cam
How to import an RSA private key into a Java keystore for Tomcat
# You need:
# Your CA signed certificate (acme.com)
# Your private key (RSA)
# Your CA intermediate Certificate
# Import the certificates and key into a PKCS12 bundle
openssl pkcs12 -export -in certs/acme.com.crt -inkey acme.com.key -CAfile certs/DigiCertCA.crt -name "acme.com-2013-2014" -out acme.com.p12
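(Remember the password you assigned it. Note that openssl only consults -CAfile when -chain is also given, so the command as written bundles the key and the server certificate without the intermediate; that is why the keystore listing further down reports a certificate chain length of 1. To carry the intermediate into the bundle, pass it with -certfile instead.)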
# Check if it worked:
openssl pkcs12 -in acme.com.p12 -info
# Import the PKCS12 bundle into a java keystore:
keytool -importkeystore -deststorepass YOUR-PASSWORD -destkeystore acme-keystore -srckeystore acme.com.p12 -srcstoretype PKCS12 -srcstorepass YOUR-PASSWORD
Entry for alias acme.com-2013-2014 successfully imported.
Import command completed: 1 entries successfully imported, 0 entries failed or cancelled
# Check your keystore:
keytool -list -keystore acme-keystore
Output should be similar to:
Enter keystore password: YOUR-PASSWORD
Keystore type: JKS
Keystore provider: SUN

Your keystore contains 1 entry

Alias name: acme.com-2013-2014
Creation date: Jan 3, 2013
Entry type: PrivateKeyEntry
Certificate chain length: 1
Certificate[1]:
-----BEGIN CERTIFICATE-----

keytool -list -keystore acme-keystore
Enter keystore password:
Keystore type: JKS
Keystore provider: SUN

Your keystore contains 1 entry

acme.com.au-2013-2014, Jan 3, 2013, PrivateKeyEntry,
Certificate fingerprint (SHA1): FA:A6:A3:42:95:34:15:68:26:35:40:18:8D:50:68:D4:15:C8:12:9E
# And match it against the import:
openssl x509 -fingerprint -in certs/acme.com.au.crt -noout
SHA1 Fingerprint=FA:A6:A3:42:95:34:15:68:26:35:40:18:8D:50:68:D4:15:C8:12:9E
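
The same checks as a script, added here as an example that is not part of the original post: it confirms that the private key belongs to the certificate, and that the PKCS12 bundle and (optionally) the keystore hold that same certificate. The function names and the password file are assumptions, and the keystore is assumed to use the same password as the bundle, as in the commands above.

```sh
#!/bin/sh
# Added example (not from the original post); function names are hypothetical.

# SHA-1 fingerprint of the PEM certificate on stdin, as bare hex (colons removed).
fp() { openssl x509 -noout -fingerprint -sha1 | sed 's/.*=//' | tr -d ':'; }

# Succeeds only if private key $2 belongs to certificate $1 (same public key).
key_matches_cert() {
    cert_pub=$(openssl x509 -in "$1" -noout -pubkey) || return 2
    key_pub=$(openssl pkey -in "$2" -pubout) || return 2
    [ -n "$cert_pub" ] && [ "$cert_pub" = "$key_pub" ]
}

# Fingerprint of the end-entity certificate inside PKCS12 bundle $1.
# The password is read from file $2 so it never shows up in the process list
# or the shell history.
p12_leaf_fp() { openssl pkcs12 -in "$1" -passin "file:$2" -nokeys -clcerts | fp; }

# Fingerprint of alias $3 in keystore $1. The entry is exported as PEM so the
# check does not depend on which digest this JDK's "keytool -list" prints.
keystore_fp() {
    keytool -exportcert -rfc -keystore "$1" -storepass:file "$2" -alias "$3" | fp
}

# verify CERT KEY P12 PASSFILE [KEYSTORE ALIAS]
verify() {
    want=$(fp < "$1")
    [ -n "$want" ] || { echo "cannot read certificate $1" >&2; return 2; }
    key_matches_cert "$1" "$2" ||
        { echo "private key does not match certificate" >&2; return 1; }
    [ "$(p12_leaf_fp "$3" "$4")" = "$want" ] ||
        { echo "PKCS12 bundle holds a different certificate" >&2; return 1; }
    if [ -n "${5:-}" ]; then
        [ "$(keystore_fp "$5" "$4" "${6:-}")" = "$want" ] ||
            { echo "keystore alias ${6:-} holds a different certificate" >&2; return 1; }
    fi
    echo "OK SHA1 $want"
}

# Run the checks when called with file arguments; do nothing when sourced.
if [ "$#" -ge 4 ]; then verify "$@"; fi
```

Run it with the certificate, key, bundle and password file as arguments, adding the keystore and alias to include the keytool check; it exits non-zero at the first mismatch.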