Reputation: 1252
I have created a public/private key pair using the KeyPairGenerator class in Java. From this key pair I have generated the CSR request using the PKCS10 class, which has been sent to a CA for verification. The question is: how do I load this public/private key pair into a keystore? I can't use KeyStore.setKeyEntry as it requires a certificate parameter along with the private key.
I thought that I would have to wait for the CA to send back a certificate which should then be used for loading the key pair. But if I create the keystore using the keytool command -
keytool -genkey -keyalg RSA -keysize 2048 -sigalg sha1withRSA -alias aliasname -validity 365 -keystore keystorename
and then load this keystore into the Java keystore class, the keystore object contains a privatekeyentry and a CertificateEntry. How is this possible without obtaining a certificate back from the CA?
Upvotes: 1
Views: 1654
Reputation: 12958
The keytool command that you used creates a self-signed certificate. When you receive the new certificate signed by the CA, you can import that certificate into the keystore, which will then replace the self-signed certificate.
About your Java question, you will either need to generate a self-signed certificate based on the public key that you created (and signed by the private key), or you will need to wait for the CA to return your signed certificate and use that with the private key in setKeyEntry.
Upvotes: 1
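The two options from the answer, as an added example that is not part of the original posts: store the private key under a self-signed placeholder certificate now, then swap in the CA reply once it arrives, after checking that it was issued for the same public key. It assumes the BouncyCastle `bcpkix` library is on the classpath (the JDK has no public API for building a certificate); the class name, file name, subject and password are constructed for illustration.

```java
import java.io.FileOutputStream;
import java.math.BigInteger;
import java.security.*;
import java.security.cert.Certificate;
import java.security.cert.X509Certificate;
import java.util.Arrays;
import java.util.Date;
import javax.security.auth.x500.X500Principal;
import org.bouncycastle.cert.jcajce.JcaX509CertificateConverter;
import org.bouncycastle.cert.jcajce.JcaX509v3CertificateBuilder;
import org.bouncycastle.operator.ContentSigner;
import org.bouncycastle.operator.jcajce.JcaContentSignerBuilder;

public class PendingKeyStore {
    // Placeholder certificate: the pair's public key, signed by its own private key.
    static X509Certificate selfSign(KeyPair kp, String dn, int days) throws Exception {
        X500Principal name = new X500Principal(dn);
        Date from = new Date();
        Date to = new Date(from.getTime() + days * 86_400_000L);
        ContentSigner signer = new JcaContentSignerBuilder("SHA256withRSA").build(kp.getPrivate());
        return new JcaX509CertificateConverter().getCertificate(
            new JcaX509v3CertificateBuilder(name, new BigInteger(64, new SecureRandom()),
                                            from, to, name, kp.getPublic()).build(signer));
    }

    // Call when the CA reply arrives: chain[0] is the issued certificate, followed by its issuers.
    static void installReply(KeyStore ks, String alias, char[] pw, Certificate[] chain) throws Exception {
        PrivateKey key = (PrivateKey) ks.getKey(alias, pw);
        byte[] stored = ks.getCertificate(alias).getPublicKey().getEncoded();
        // Refuse a certificate that was issued for a different key pair.
        if (!Arrays.equals(stored, chain[0].getPublicKey().getEncoded()))
            throw new KeyStoreException("CA reply does not match the stored key pair");
        ks.setKeyEntry(alias, key, pw, chain); // overwrites the placeholder entry
    }

    public static void main(String[] args) throws Exception {
        char[] pw = "changeit".toCharArray(); // constructed sample password
        KeyPairGenerator gen = KeyPairGenerator.getInstance("RSA");
        gen.initialize(2048);
        KeyPair kp = gen.generateKeyPair();

        KeyStore ks = KeyStore.getInstance("PKCS12");
        ks.load(null, null); // start from an empty in-memory keystore
        ks.setKeyEntry("aliasname", kp.getPrivate(), pw,
                       new Certificate[] { selfSign(kp, "CN=placeholder", 365) });
        try (FileOutputStream out = new FileOutputStream("keystorename.p12")) {
            ks.store(out, pw);
        }
    }
}
```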