Convert public cert, private key, and certificate chain .pem files to jks keystore

Question

I have 3 separate .pem files:

publicCert.pem
privateKey.pem
CertificateChain.pem

I want to put these into a new java keystore.

I have seen this question asked and answered before, but with only 1 or 2 .pem files, not 3, and not specifically for a new jks.

Additionally the other web servers run on IIS, and are using SSL with a wildcard domain. example: *domain.com

Can I create a jks for a wildcard domain? Looks like that may be tricky?

Commands appreciated!

Answer 1

You can create .p12 keystore first of all and then convert it to jks

openssl pkcs12 -export -in cert.pem -inkey key.pem \
-out keystore.p12 -name my_cert

you creates keystore .p12 with certificate cert.pem with open key key.pem under cert alias my_cert

Then you can conver p12 to jks like this:

keytool -importkeystore -deststorepass 111111 -destkeypass 111111 -destkeystore keystore.jks -srckeystore keystore.p12 -srcstoretype PKCS12 -srcstorepass 111111 -alias my_cert

For add another keys in jks use command

keytool -importcert -file chain.txt -keystore keystore.jks -alias root

If you want convert .cer to .pem (because you need add in keystore only .pem), you can use command

openssl x509 -inform der -in certificate.cer -out certificate.pem

Answer 2

Build a PKCS12 file, then use Java's Keytool to convert to a Java keystore.

openssl pkcs12 -export -chain -inkey privateKey.pem -CAfile CertificateChain.pem -in publicCert.pem -out myp12file.p12

keytool -importkeystore -destkeystore mykeystore.jks -srckeystore myp12file.p12 -srcstoretype pkcs12 -destalias mykey -srcalias 1

It will ask you for passwords, too.