Notepad should save this file as privateKey.key.txt. Rename the new file so that its extension is .key. You can repeat the same copy process for any other corresponding certificate files you need from the certificate.txt file. You now have certificate.crt and privateKey.key files created from your certificate.pfx file.

Recently I got the request to manually create a Java keystore (.jks) to be used on a Linux-based webserver.

Generate a Self Signed Certificate using Java Keytool

Now that you know when to use a Keytool self-signed certificate, let's create one using a simple Java Keytool command: open the command console on whatever operating system you are using and navigate to the directory where keytool.exe is located (usually where the JRE is located, e.g.

Steps to create RSA key, self-signed certificates, keystore, and truststore for a server.

Generate a private RSA key.

    openssl genrsa -out diagserverCA.key 2048

Create an x509 certificate.

    openssl req -x509 -new -nodes -key diagserverCA.key -sha256 -days 1024 -out diagserverCA.pem

Download your new certificate; save it as mydomain.crt. Use the same alias as the private key so it associates them together. The alias here must match the alias of the private key in the first command.

    keytool -import -trustcacerts -alias mydomain -file mydomain.crt -keystore KeyStore.jks

The certificate to be used had two “issues”:
- It was provided as a .pfx file
- It didn’t contain the certificates of the intermediate CAs
Since I use a Windows 10 workstation, I had to ensure that Java was installed, in my case version 1.8.
So, in order to fulfill this request, the following steps were necessary:
- Create a folder to collect all necessary files in. In my case, this was d:\cert.
- Copy the following files to this folder:
  - The source .pfx file.
  - The certificate of the root CA of the certificate.
  - The certificate(s) of all intermediate CAs existing in the trust chain of the certificate.
In my case the folder contained the following files:
- wildcard.pfx
- AddTrustExternalCARoot.crt
- COMODORSAAddTrustCA.crt
- COMODORSAOrganizationValidationSecureServerCA.crt
Now, we’ll use the keytool command inside the Java installation folder (in my case C:\Program Files\Java\jre1.8.0_201\bin) to create the keystore and put all necessary files in there.
The first command puts the root CA’s certificate into the keystore. Since the keystore doesn’t exist yet, keytool will create it automatically:
Note: Please replace the “xxx” after “-storepass” with a reasonable password.
Now we import the other two CA certificates the same way:
In order to import the certificate, we first have to reveal the alias used. To do so, run the following command:
Open the file cert.txt and look for the line starting with “Aliasname:”. You’ll need it in the next step.
The last step is now to import the certificate and its private key into the keystore by running the following command:
Note: Please replace the “qqq” after “-srcalias” with the alias you noted in the previous step and the “xxx” after “-deststorepass” with the password for the .jks file.
Now you can import the file to the destination machine and configure the web server to use it.
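
The steps above as one PowerShell script, as an added example (not the post's original commands, which are missing from the page). The keystore name wildcard.jks, the CA aliases and the environment variable names are assumptions; passwords go through keytool's `:env` modifier instead of being typed after -storepass, so they stay out of the command line and shell history.

```powershell
# Added example; file names are the ones listed in the post, everything else is assumed.
$keytool = 'C:\Program Files\Java\jre1.8.0_201\bin\keytool.exe'
Set-Location 'D:\cert'

# Prompt for a password without echoing it, then return it as plain text.
function Read-Secret([string]$Prompt) {
    $s = Read-Host -Prompt $Prompt -AsSecureString
    (New-Object System.Net.NetworkCredential('', $s)).Password
}
$env:JKS_PASS = Read-Secret 'Password for the new wildcard.jks'   # assumed variable name
$env:PFX_PASS = Read-Secret 'Password of wildcard.pfx'            # assumed variable name

try {
    # 1. Root and intermediate CA certificates; the first import creates wildcard.jks.
    #    keytool shows each fingerprint and asks for confirmation: compare it before answering.
    $cas = [ordered]@{
        root          = 'AddTrustExternalCARoot.crt'
        intermediate1 = 'COMODORSAAddTrustCA.crt'
        intermediate2 = 'COMODORSAOrganizationValidationSecureServerCA.crt'
    }
    foreach ($alias in $cas.Keys) {
        & $keytool -importcert -trustcacerts -alias $alias -file $cas[$alias] `
            -keystore wildcard.jks -storetype JKS '-storepass:env' JKS_PASS
        if ($LASTEXITCODE -ne 0) { throw "Import of $($cas[$alias]) failed" }
    }

    # 2. List the .pfx, keep the listing as cert.txt and pick up the alias of its entry.
    #    The label is "Alias name:" or "Aliasname:" depending on the JRE's language.
    $listing = & $keytool -list -v -keystore wildcard.pfx -storetype PKCS12 '-storepass:env' PFX_PASS
    $listing | Set-Content cert.txt
    $hit = $listing | Select-String -Pattern '^Alias\s?name:\s*(.+)$' | Select-Object -First 1
    if (-not $hit) { throw 'No alias line found in the listing of wildcard.pfx' }
    $srcAlias = $hit.Matches[0].Groups[1].Value.Trim()   # assumes the .pfx holds a single entry

    # 3. Copy the certificate and its private key into the .jks under the same alias.
    & $keytool -importkeystore -srckeystore wildcard.pfx -srcstoretype PKCS12 `
        '-srcstorepass:env' PFX_PASS -srcalias $srcAlias `
        -destkeystore wildcard.jks -deststoretype JKS `
        '-deststorepass:env' JKS_PASS '-destkeypass:env' JKS_PASS
    if ($LASTEXITCODE -ne 0) { throw 'Import of the key entry failed' }

    # 4. Check the result: three trustedCertEntry lines and one PrivateKeyEntry are expected.
    & $keytool -list -keystore wildcard.jks '-storepass:env' JKS_PASS
}
finally {
    # Do not leave the passwords in the session environment.
    Remove-Item Env:JKS_PASS, Env:PFX_PASS -ErrorAction SilentlyContinue
}
```

The resulting wildcard.jks contains the private key, so treat it like one when copying it to the web server and restrict who can read it there.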