I was looking for simple instructions on how to convert a certificate to a keystore. Here is my simplified version.
- Build the certificate chain into a single file.
cat server.pem intermediate.pem root.pem > import.pem
- Convert the private key and merged certificate files into a PKCS12 file.
openssl pkcs12 -export -in import.pem -inkey server.key -name serverHostName > server.p12
Import the PKCS12 file into Java Keystore (JKS).
Note: Java 9 changed the default Java Keystore to PKCS#12. The following is only required for Java 8, or applications that have JKS dependency. See JEP 229: Create PKCS12 Keystores by Default
keytool -importkeystore -srckeystore server.p12 -destkeystore keystore.jks -srcstoretype pkcs12 -alias serverHostName
If you are using PKCS#12 as your keystore, edit the
JAVA_HOME/jre/lib/security/java.security file and change the default keystore type as shown below:
# Default keystore type. keystore.type=pkcs12