Import a PEM certificate into a JKS keystore
The trick is to export it to PKCS12 first, so that Java's keytool can import it.
Other ways of importing caused verification failures on the intermediate certificates for me.
    openssl pkcs12 -export -out keystore.p12 -inkey certificate.pem -in certificate.pem
    keytool -importkeystore -destkeystore keystore.jks -srcstoretype PKCS12 -srckeystore keystore.p12

    # Change alias:
    keytool -changealias -alias 1 -keystore keystore.jks -keypass <pass> -destalias <destalias>

    # Add intermediate certificates:
    # openssl x509 -in root.crt -outform der -out root.der
    # openssl x509 -in intermediate.crt -outform der -out intermediate.der
    # keytool -import -trustcacerts -alias root -file root.der -keystore keystore.jks
    # keytool -import -trustcacerts -alias intermediate -file intermediate.der -keystore keystore.jks
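A checked version of the export step above, as an added example that is not part of the original post: it refuses a combined PEM whose private key does not match its certificate and reports how many certificates ended up in the PKCS12 file, so a missing intermediate shows up before keytool runs. The function names are hypothetical, and each password argument is an openssl pass phrase source such as `pass:...`.

```bash
#!/usr/bin/env bash
# Added example (not from the original post). Function names are hypothetical.
# Assumes the openssl CLI is on PATH.

# Succeeds only if the private key in PEM file $1 belongs to the first
# certificate in that file (compares the two public keys in PEM form).
pem_key_matches_cert() {
    local key_pub crt_pub
    key_pub=$(openssl pkey -in "$1" -pubout 2>/dev/null) || return 1
    crt_pub=$(openssl x509 -in "$1" -pubkey -noout 2>/dev/null) || return 1
    [ -n "$key_pub" ] && [ "$key_pub" = "$crt_pub" ]
}

# Prints how many certificates PKCS12 file $1 carries.
# $2 is an openssl pass phrase source, e.g. "pass:..." or "env:VAR".
p12_cert_count() {
    openssl pkcs12 -in "$1" -nokeys -passin "$2" 2>/dev/null \
        | grep -c -- '-----BEGIN CERTIFICATE-----'
}

# Runs the export step on combined PEM $1, writing PKCS12 file $2 protected
# by pass phrase source $3. Stops before exporting if key and cert differ.
export_checked_p12() {
    pem_key_matches_cert "$1" || { echo "key/cert mismatch in $1" >&2; return 1; }
    openssl pkcs12 -export -out "$2" -inkey "$1" -in "$1" -passout "$3" || return 1
    echo "certificates in $2: $(p12_cert_count "$2" "$3")"
}
```

A count of 1 means only the leaf certificate was exported. On a shared host, prefer an `env:` or `file:` pass phrase source over `pass:`, which is visible in the process list.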
When used in Tomcat this would become something like the following:
    <Connector port="8443" protocol="HTTP/1.1" SSLEnabled="true"
               maxThreads="150" scheme="https" secure="true"
               clientAuth="false" sslProtocol="TLS"
               keystoreFile="/path/to/keystore.jks"
               keystorePass="<keystorePass>"
               keyAlias="<alias_for_the_key>" />