Reputation: 17407
Convert certificate in PKCS12 format for tomcat / JKS Keystore
I have following wildcard certificate files from GlobalSign Authority.
root.crt
intermediate.crt
private.key
I want to configure tomcat HTTPS using above cert files. I believe Tomcat support PKCS12 format.
How do i convert those certificate files in PKSC12 format? also how do i import them in tomcat keystore, specially intermediate cert?
Upvotes: 3
Views: 16687
Answers (1)
Reputation: 29814
Use openssl to create your PKCS12 file
First create a single intcacerts.pem file with your intermediate(s) and CA, pasted one after each other (they must be in PEM format).
Then call openssl
openssl pkcs12 -export -in myservercert.pem -inkey private.key -certfile intcacerts.pem -name "aFriendlyName" -out keyandcerts.p12
(myservercert.pem is the server certificate in PEM, intcacerts.pem contains the intermediate(s) and CA as described above, private.key is the private key associated with the server certificate)
The documentation for openssl pkcs12 is here
To convert the generated PKCS12 into a JKS keystore, do something like this
keytool -importkeystore -srckeystore keyandcerts.p12 -srcstoretype PKCS12 -destkeystore myJKS.jks
Upvotes: 9
Related Questions
- Need help converting P12 certificate into JKS
- How do I import a PKCS12 certificate into a java keystore?
- Convert public cert, private key, and certificate chain .pem files to jks keystore
- OpenSSL certificate is giving 'Invalid keystore format' in tomcat 8
- PKCS12 to JKS conversion failure
- how to add/convert certificate file into pkcs12 file
- Convert or import SSL certificate to java keystore
- How to convert the PKCS12 openssl keystore to JKS keytstore with Java Keytool
- SSL Certificates on a Tomcat Server
- CA PEM file to jks tomcat truststore