Creating a Keystore in PKCS12 Format

To create a PKCS12 keystore from your private key file, certificate, and root public certificate, use the following command:

openssl pkcs12 -export -out corp_cert_chain.pfx -inkey <private-key>.key -in <cert.cer> -certfile <root_intermediate>.cer

Examples

# Concatenate Intermediate and Root CA certificates cat <Intermediate_cert> <RootCA_cert> > ca-chain.pem
# Create a PKCS12 keystore from the server key and certificate openssl pkcs12 -export -inkey server.key -in server.pem -certfile ca-chain.pem -out keystore.pfx
# Convert PKCS12 keystore to JKS keytool -v -importkeystore -srckeystore keystore.pfx -srcstoretype PKCS12 -destkeystore keystore.jks -deststoretype JKS -srcalias 1 -destalias `hostname -f`

Importing Intermediate Certificates to Truststore

To import missing intermediate certificates into the truststore:

keytool -import -keystore truststore.jks -file <Intermediate_cert> -alias "Intermediate_cert"
keytool -import -keystore truststore.jks -file <Root_cert> -alias "Root_cert"


  Last updated