How to import a certificate into a Java Keystore file (JKS) including intermediate CA certificates.

Possible approach starting from current situation:

  1. Grab keystore file
  2. Export private key from keystore file
    1. keytool -v -importkeystore -srckeystore keystore.jks -srcalias certificatekey -destkeystore myp12file.p12 -deststoretype PKCS12
    2. openssl pkcs12 -in myp12file.p12 -out private.pem

Starting from a clean CSR file:

  1. Create CSR file with OpenSSL
  2. Submit the CSR to the CA for signing

To continue:

  1. Collect public certificate file, PKI-ca-bundle.pem file and private key files into one directory.
  2. Create a keystore file and delete its auto-generated entry so the keystore is empty.
    1. keytool -genkey -alias KPNCISO -keystore ciso.jks
    2. keytool -delete -alias KPNCISO -keystore ciso.jks
  3. Create a PKCS#12 file
    1. openssl pkcs12 -export -out certificate.p12 -inkey privateKey.key -in certificate.crt -certfile PKI-ca-bundle.pem -name KPNCISO
  4. Import PKCS#12 file into cleaned keystore file
    1. keytool -v -importkeystore -srckeystore certificate.p12 -srcstoretype PKCS12 -destkeystore ciso.jks -deststoretype JKS
  5. The keystore file is now ready for use and loaded with the certificate, all required intermediate certificates and the private key under the KPNCISO alias.
  6. Test service
  7. Write method in knowledge base
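
Pre-flight checks for step 3, as an added example that is not part of the original write-up: confirm that the private key belongs to the certificate and that the bundle completes the chain before the PKCS#12 file is built, then count the certificates that ended up in it. The function names and the P12_PASS variable are hypothetical; the example assumes an unencrypted private key and a bundle that holds the root and all intermediates.

```shell
#!/bin/sh
# Added example: pre-flight checks around step 3 (creating the PKCS#12 file).
# Function names are hypothetical. Assumes an unencrypted private key, a bundle
# that holds the root and all intermediates, and the PKCS#12 password exported
# in P12_PASS (kept out of the argument list so it does not show up in `ps`).

# Succeeds only if the private key and the certificate hold the same public key.
key_matches_cert() {    # key_matches_cert privateKey.key certificate.crt
    key_pub=$(openssl pkey -in "$1" -pubout 2>/dev/null) || return 1
    crt_pub=$(openssl x509 -in "$2" -noout -pubkey 2>/dev/null) || return 1
    [ -n "$key_pub" ] && [ "$key_pub" = "$crt_pub" ]
}

# Succeeds only if openssl can build a chain from the certificate to a root
# with the bundle supplied as the CA file.
chain_is_complete() {   # chain_is_complete certificate.crt PKI-ca-bundle.pem
    openssl verify -CAfile "$2" "$1" >/dev/null 2>&1
}

# Runs both checks, then the export from step 3. -name sets the friendly name,
# which keytool uses as the alias on import.
# Returns 2 on a key mismatch, 3 on an incomplete chain.
build_p12() {           # build_p12 key crt bundle out.p12
    key_matches_cert "$1" "$2" || { echo "private key does not match certificate" >&2; return 2; }
    chain_is_complete "$2" "$3" || { echo "bundle does not complete the chain" >&2; return 3; }
    openssl pkcs12 -export -out "$4" -inkey "$1" -in "$2" -certfile "$3" \
        -name KPNCISO -passout env:P12_PASS
}

# Prints the number of certificates stored in a PKCS#12 file.
p12_cert_count() {      # p12_cert_count certificate.p12
    openssl pkcs12 -in "$1" -nokeys -passin env:P12_PASS 2>/dev/null |
        grep -c 'BEGIN CERTIFICATE'
}

# Usage:
#   export P12_PASS='...'
#   build_p12 privateKey.key certificate.crt PKI-ca-bundle.pem certificate.p12 &&
#       p12_cert_count certificate.p12    # leaf + every CA certificate in the bundle
```

After step 4, `keytool -list -v -keystore ciso.jks` should show one private key entry whose certificate chain length equals the count printed here.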
