Import Key Pair to Java Keystore

This section describes how to import an existing private/public key pair into a Java keystore. This is useful if you have your own tools for generating a CA-signed key pair. The procedure assumes you already have the root and intermediate certificates as well as the private key and its signed certificate.

To import an existing key pair:

  1. Build the certificate chain and convert the private key and certificate files into a PKCS12 file.

    cat myhost.pem intermediate.pem root.pem > import.pem
    openssl pkcs12 -export -in import.pem -inkey myhost.key.pem \
        -name shared > server.p12

  2. Import the PKCS12 file into a Java keystore:

    keytool -importkeystore -srckeystore server.p12 \
        -destkeystore store.keys -srcstoretype pkcs12 -alias shared

  3. Finally, to complete the preparation of the Java keystore, perform the procedures for creating the server and client truststore described in the previous section.
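
The import succeeds even when the key does not belong to the certificate's chain order or the chain is incomplete, so it helps to check the inputs first. The following is an added example, not part of the original procedure: it verifies that the private key matches the host certificate, that the files are concatenated leaf first, and that the PKCS12 file carries the whole chain. The function names and the `P12_PASS` environment variable are assumptions of this example.

```sh
# Pre-flight checks for the procedure above. File names are the page's own;
# the function names and the P12_PASS variable are assumptions of this example.

# Succeeds when KEY is the private key for CERT: both must yield the same
# public key. Function bodies run in a subshell so variables stay local.
key_matches_cert() (  # usage: key_matches_cert CERT KEY
    cert_pub=$(openssl x509 -in "$1" -noout -pubkey) || return 2
    key_pub=$(openssl pkey -in "$2" -pubout) || return 2
    [ "$cert_pub" = "$key_pub" ]
)

# Succeeds when the files are given leaf first and each certificate names the
# next one as its issuer. Compares name hashes only, not signatures.
chain_in_order() (  # usage: chain_in_order LEAF INTERMEDIATE... ROOT
    prev_issuer=""
    for f in "$@"; do
        subject=$(openssl x509 -in "$f" -noout -subject_hash) || return 2
        if [ -n "$prev_issuer" ] && [ "$prev_issuer" != "$subject" ]; then
            echo "$f is not the issuer of the certificate before it" >&2
            return 1
        fi
        prev_issuer=$(openssl x509 -in "$f" -noout -issuer_hash) || return 2
    done
)

# Prints the number of certificates in a PKCS12 file; after step 1 it should
# equal the number of files concatenated into import.pem. The password is
# read from the environment so it does not appear in the process list.
p12_cert_count() (  # usage: P12_PASS=... p12_cert_count FILE
    openssl pkcs12 -in "$1" -nokeys -passin env:P12_PASS 2>/dev/null |
        grep -c 'BEGIN CERTIFICATE'
)

# Run the checks on the page's files when they are present.
if [ -f myhost.pem ] && [ -f myhost.key.pem ]; then
    key_matches_cert myhost.pem myhost.key.pem ||
        echo "myhost.key.pem does not match myhost.pem" >&2
    chain_in_order myhost.pem intermediate.pem root.pem ||
        echo "certificates are not in leaf, intermediate, root order" >&2
fi
```

After step 2, `keytool -list -v -keystore store.keys -alias shared` reports the certificate chain length stored under the alias, which should equal the count printed by `p12_cert_count`.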