If you have a PEM file (e.g. server.pem
) containing:
then you can import the certificate and key into a JKS keystore like this:
1) Copy the private key from the PEM file into an ascii file (e.g. server.key
)
2) Copy the cert from the PEM file into an ascii file (e.g. server.crt
)
3) Export the cert and key into a PKCS12 file:
$ openssl pkcs12 -export -in server.crt -inkey server.key \
-out server.p12 -name [some-alias] -CAfile server.pem -caname root
-CAfile
option.winpty
to the start of the command so the export password can be entered.4) Convert the PKCS12 file to a JKS keystore:
$ keytool -importkeystore -deststorepass changeit -destkeypass changeit \
-destkeystore keystore.jks -srckeystore server.p12 -srcstoretype PKCS12 \
-srcstorepass changeit
srcstorepass
password should match the export password from step 3)