I have 3 separate .pem files:

publicCert.pem
privateKey.pem
CertificateChain.pem

I want to put these into a new java keystore.

I have seen this question asked and answered before, but with only 1 or 2 .pem files, not 3, and not specifically for a new jks.

Additionally the other web servers run on IIS, and are using SSL with a wildcard domain. example: *domain.com

Can I create a jks for a wildcard domain? Looks like that may be tricky?

Commands appreciated!

Jim P.
  • Possible duplicate of [Importing the private-key/public-certificate pair in the Java KeyStore](http://stackoverflow.com/questions/17695297/importing-the-private-key-public-certificate-pair-in-the-java-keystore) – jww Aug 05 '14 at 03:00
  • Not a duplicate... It's not a self-signed cert. I don't need to create a cert request for a provider to approve. I already have the cert info in PEM format, but JKS apparently needs a JKS created before it can then import files like DER that have been converted from PEM. The domain is a wildcard as mentioned above. I have scoured Google, and Stack, and there are bits and pieces everywhere, but nothing that puts the whole picture together. Please allow the community to answer. Thanks. – Jim P. Aug 05 '14 at 03:54
  • Unfortunately, you have not provided the code or commands you have tried. It appears you haven't done anything and simply want an answer. That's not how Stack Overflow works. – jww Aug 05 '14 at 04:00
  • I guess it is really a multipart question... Do I need *all* 3 files to create a valid cert in JKS? What format should I convert them to? How to create a JKS with wildcard domain? When creating JKS, do the answers I give for company, city, state, etc have to match anything inside the key that I am trying to import? – Jim P. Aug 05 '14 at 04:02
  • Oh it's not? You can't ask general questions and get answers, like the 456 upvoted answer this thread got? http://stackoverflow.com/questions/1091945/where-can-i-get-a-list-of-the-xml-document-escape-characters – Jim P. Aug 05 '14 at 04:04
  • Like I said, I have put in hours of research, set up an Ubuntu environment so I can use openssl and keytool. Yes I am asking for answers, but it is not like I haven't put some effort in. – Jim P. Aug 05 '14 at 04:06

1 Answer

Build a PKCS12 file, then use Java's Keytool to convert to a Java keystore.

```
openssl pkcs12 -export -chain -inkey privateKey.pem -CAfile CertificateChain.pem -in publicCert.pem -out myp12file.p12

keytool -importkeystore -destkeystore mykeystore.jks -srckeystore myp12file.p12 -srcstoretype pkcs12 -destalias mykey -srcalias 1
```

It will ask you for passwords, too.

jbl
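
As an added example (not part of the answer above and not taken from any project), these shell functions check that the three PEM files belong together before running the answer's two commands. The function names and the `P12_PASS` environment variable are assumptions; the file names follow the question.

```shell
#!/bin/sh
# Added example: pre-flight checks for the three PEM files, then the answer's
# two commands. Function names and the P12_PASS variable are assumptions.

# True only if the private key and the certificate hold the same public key.
key_matches_cert() {   # $1 = private key PEM, $2 = certificate PEM
    k=$(openssl pkey -in "$1" -pubout 2>/dev/null) || return 1
    c=$(openssl x509 -in "$2" -noout -pubkey 2>/dev/null) || return 1
    [ -n "$k" ] && [ "$k" = "$c" ]
}

# True only if the certificate chains to the CA certificates in the chain file.
# "pkcs12 -export -chain" stops with an error when this chain cannot be built.
chain_verifies_cert() {   # $1 = chain PEM, $2 = certificate PEM
    openssl verify -CAfile "$1" "$2" >/dev/null 2>&1
}

# Print the DNS names in the certificate, one per line. A wildcard is just a
# name such as DNS:*.example.test here; the keystore format does not care.
cert_dns_names() {   # $1 = certificate PEM
    openssl x509 -in "$1" -noout -text | grep -o 'DNS:[^, ]*'
}

# Build the PKCS12 file; returns 1 on a key mismatch, 2 on a broken chain.
build_p12() {   # $1 = key, $2 = cert, $3 = chain, $4 = output .p12
    key_matches_cert "$1" "$2" || { echo "key does not match certificate" >&2; return 1; }
    chain_verifies_cert "$3" "$2" || { echo "chain does not verify certificate" >&2; return 2; }
    openssl pkcs12 -export -chain -inkey "$1" -CAfile "$3" -in "$2" \
        -out "$4" -passout env:P12_PASS
}

# Convert to JKS with the keytool command from the answer (prompts for passwords).
p12_to_jks() {   # $1 = input .p12, $2 = output .jks
    keytool -importkeystore -destkeystore "$2" -srckeystore "$1" \
        -srcstoretype pkcs12 -destalias mykey -srcalias 1
}

# Usage:
#   export P12_PASS='...'
#   build_p12 privateKey.pem publicCert.pem CertificateChain.pem myp12file.p12
#   p12_to_jks myp12file.p12 mykeystore.jks
```

Reading the export password from an environment variable keeps it out of the process list and shell history, which a `-passout pass:...` argument would not.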