Import Key Pair to Java Keystore
This section describes how to import an existing private/public key pair into Java keystore. This is useful if you have your own tools for generating a CA signed key pair. The procedure assumes you already have the root and intermediate certificates as well as the private key and its signed certificate.
To import an existing key pair:
-
Build the certificate chain and convert the private key and certificate files into a PKCS12 file.
cat myhost.pem intermediate.pem root.pem > import.pem openssl pkcs12 -export -in import.pem -inkey myhost.key.pem -name shared > server.p12
-
Import the PKCS12 file into Java keystore:
keytool -importkeystore -srckeystore server.p12 -destkeystore store.keys -srcstoretype pkcs12 -alias shared
-
Finally, to complete the preparation of the Java keystore, perform the procedures for creating the server and client truststore described in the previous section.