Converting PEM-format keys to JKS format

The Endeca Key Importer is a certificate conversion utility that allows you to convert PEM-format certificates to the standard Java KeyStore (JKS) format.

With the Endeca Key Importer utility, you can:

Convert the eneCert.pem certificate file to a keystore.ks keystore file.
Convert the eneCA.pem Certificate Authority file to a truststore.ks truststore file.

The Java keystores can then be used for communication between Endeca components that are configured for SSL (for example, between an EAC Agent and the MDEX Engine if both are SSL-enabled).

The Endeca Key Importer utility is provided as a JAR file, which is named endeca-key-importer.jar and is shipped in the $ENDECA_ROOT/lib/java directory for UNIX platforms and %ENDECA_ROOT%\lib\java for Windows platforms.

The usage syntax for the utility is:

endeca-key-importer.jar input_dir output_dir password

where:

input_dir is the directory that contains the eneCert.pem and eneCA.pem certificates.
output_dir is the destination directory for the keystore.ks and truststore.ks converted files.
password is the passphrase for the keystores. Note that this should also be the passphrase of the original eneCA.pem certificate.

A passphrase that contains spaces or special characters may be double-quoted or escaped according to the rules of your command shell. Note that the Key Importer utility will neither accept nor create key materials that are not protected with a passphrase.

This example on a Windows platform shows how to run the utility:

java -jar %ENDECA_ROOT%\lib\java\endeca-key-importer.jar pems keystores mypass

In the example, pems is the directory that contains the PEM certificates, keystores is the destination directory for the keystores, and mypass is the password for the certificates.

When the command finishes, it outputs instructions as to how to run the Java keytool utility that you can use to validate both resulting keystores.