Using java keytool to import private key into JKS java keystore

I got question how to import the private key to JKS keystore.
According to some resources it is not possible with standard tools.

Answer is to use the -importkeystore option of java keytool. Keytool allows conversion between the different keystore types which are currently known to your java virtual machine.
For example you can import key+certificate from PKCS12 format (extensions .p12 or .pfx in Windows world).

keytool -importkeystore -srckeystore server.p12 -srcstoretype pkcs12 -destkeystore server.jks -deststoretype jks

If you have key and certificate in PEM format you can easily convert it to pkcs12 with openssl
#Join key, certificate and certs of certification authority to one file
cat server_key.pem server_cert.pem server_cacert.pem > server.pem
#Convert to PKCS12
openssl pkcs12 -export -out server.p12 -in server.pem

Relevant links:

1 comment: