problem: You want to use your existing private key and cert

It is not immediately obvious how to do this with Java's keytool. It took me a good while to figure out, so I'm documenting it here.

solution: Java 6 can treat a PKCS12 file as a keystore

With Java 6 keytool, one can import a PKCS12 file as a keystore. Here are the steps I used.

First, convert the PEM format key/cert to a PKCS12 format cert:

$ openssl pkcs12 -export -in thedomain.com.crt -inkey thedomain.com.key -out thedomain.com.p12

Then use keytool to import the PKCS12 cert:

$ keytool -importkeystore -destkeystore thedomain.com.keystore -srckeystore thedomain.com.p12 -srcstoretype PKCS12 -alias 1

My understanding is that if you have access to a version 6 keytool, then one can use the keystore file generated with 6 on older Java versions, but don't quote me on that.
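
An added example, not part of the original post: a pre-flight wrapper around the two steps above that refuses to build the PKCS12 file when the key and certificate do not belong together, and sets an explicit alias instead of the alias 1 used in the command above. The function names, the P12_PASS environment variable and the alias value are assumptions; the key is assumed to be unencrypted PEM.

```shell
# Added example: function names, P12_PASS and the alias are constructed.

# Succeeds only when the certificate carries the public half of the key.
# Comparing the extracted public keys (not hashes of command output) avoids
# a false match when both files are unreadable and both outputs are empty.
key_matches_cert() {  # usage: key_matches_cert KEY.pem CERT.pem
  kmc_key=$(openssl pkey -in "$1" -pubout 2>/dev/null) || return 1
  kmc_crt=$(openssl x509 -in "$2" -noout -pubkey 2>/dev/null) || return 1
  [ -n "$kmc_key" ] && [ "$kmc_key" = "$kmc_crt" ]
}

# Build the PKCS12 file with an explicit alias (friendlyName).
# The export password is read from the exported variable P12_PASS, so it
# does not appear on the command line or in shell history.
make_p12() {  # usage: make_p12 KEY.pem CERT.pem OUT.p12 ALIAS
  key_matches_cert "$1" "$2" || {
    echo "key/cert mismatch: $1 $2" >&2
    return 1
  }
  openssl pkcs12 -export -in "$2" -inkey "$1" -out "$3" -name "$4" \
    -passout env:P12_PASS
}

# Print the alias stored in a PKCS12 file (password from P12_PASS).
p12_alias() {  # usage: p12_alias FILE.p12
  openssl pkcs12 -in "$1" -nokeys -passin env:P12_PASS 2>/dev/null |
    sed -n 's/^ *friendlyName: //p' | head -n 1
}

# Import into a Java keystore and confirm the entry holds a private key,
# not just a trusted certificate. keytool prompts for the passwords.
import_p12() {  # usage: import_p12 FILE.p12 KEYSTORE ALIAS
  keytool -importkeystore -destkeystore "$2" -srckeystore "$1" \
    -srcstoretype PKCS12 -srcalias "$3" -destalias "$3" &&
    keytool -list -keystore "$2" -alias "$3" | grep -q PrivateKeyEntry
}
```

Typical use: export P12_PASS, run make_p12 thedomain.com.key thedomain.com.crt thedomain.com.p12 thealias, then import_p12 thedomain.com.p12 thedomain.com.keystore thealias.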

Related: Generating a 2048 bit RSA private key and CSR

It's worth mentioning that if you're just looking to generate a 2048 bit key/cert with keytool, to get a CSR for an SSL certificate authority, then you'd want to use something like this:

$ keytool -genkey -keyalg RSA -keysize 2048 -keystore thedomain.com.keystore -alias thealias

Then to get the CSR:

$ keytool -keyalg RSA -keystore thedomain.com.keystore -alias thealias -certreq -file thedomain.com.csr

Then when you get the cert back from the CA, import with keytool:

$ keytool -importcert -trustcacerts -keystore thedomain.com.keystore -alias thealias -file thedomain.com.crt

Free class 1 SSL

I have used these methods to get free SSL class 1 protection from http://www.startssl.com.