How to Generate a Java Keystore from .crt and .pem Files

Assuming you just bought a certificate and you want to integrate it into your web application server (tomcat, jetty, etc.), you need to store your certificate in a so called java keystore. Following is the code to take the hopefully delivered .pem and .crt files and integrate them into a keystore. First of all, you need an intermediate step and convert them into the p12-format. Afterwards, you can simply import it into a keystore which is automatically generated by this command. If the keystore already exists, it will be expanded.

If you are not sure, if you have the correct files. Just check out how the contents of a pem or a crt file should look like.

openssl pkcs12 -export -in domain.crt -inkey domain.key -certfile intermediate.crt -name name -out keystore.p12

keytool -importkeystore -srckeystore keystore.p12 -srcstoretype pkcs12 -destkeystore keystore -deststoretype JKS

Leave a Comment

comments powered by Disqus