Moje zdjęcie
Software Craftsman's Blog by Marcin Pieciukiewicz
Java and Scala development

Monday, September 5, 2016

Generating Java JKS keystore file from PEM files

Lately I had to configure SSL/https certificate for our Java based application. To do so I needed Java Key Store file (*.jks), that was not delivered by our certificate provider. Instead I had available only binary or text based certificate files. This means I had to generate JKS from those files. Below is the instruction how to do this:

You will need:
  1. Certificate file for your domain
  2. Private key for this certificate
  3. Intermediate certificates
  4. Root CA certificate
For certificate files I've used *.pem format as it is common and easy to handle (those are Base64 encoded text files).

So to generate JKS file from PEM files do this:

1. Bundle pem files into single file, The order of those files is very important, and should be like this: first main certificate, then intermediate certificates in the same order as they were on the page, and rootCA at the end)

$ cat certificate.pem inter1.pem inter2.pem inter3.pem inter4.pem rootCA.pem > bundle.pem

2. Generate pkcs12 (from bundle.pem and private.key)

$ openssl pkcs12 -export -inkey private.key -in bundle.pem -out yourdomain.com.p12 -name yourdomain.com

3. Generate *.jsk file

$keytool -importkeystore -destkeystore yourdomain.com.jks -srckeystore yourdomain.com.p12 -srcstoretype PKCS12 -alias yourdomain.com

In the end you will have yourdomain.com.jks file that can be imported to you application.