Import private key and (signed) certificate into Java keystore (JKS) | Just my blog


Import private key and (signed) certificate into Java keystore (JKS)

Last monday, I had to 'secure' the smcwebserver from Sun (or should I say Oracle?), that is used by ARCo. But I run into a few issues:

  1. My lack of knowledge about Java;

  2. Keytool doesn't allow you to import keys generated by tools like openssl :-(

But... I was able to handle them both and know I have an smcwebserver (which is using Java-keystores) running with a key that was generated by openssl and a certificated signed by our enterprise CA.

There for I had to do some Java 'hacking'. After some hours spending on Google-searches, I landed on a posting on the website of 'Agent Bob'. He has some Java-program that allows you to 'import' keys and certificates that were generated outside keytool :-)

Although, I had to perform some minor modification on the Java-code, to set the password of the new JKS to 'changeit', because that is what smcwebserver will try to open the keystore. So, you need to make sure that line 87 is:

String keypass = "changeit";

For your convenience you can download the modified version here.

Now, create a Java class with the command (please note, I'm not a Java-specialist, so something else will work as well... but this worked for me ;-) ):
$ javac

Having this done, you must make sure, your key-file and (signed) certificate are in the DER format. If they are not, you can convert them using the following commands:
$ openssl pkcs -topk8
               -in server.key
               -out server.key.der
               -outform der

$ openssl x509 -in server.crt
               -out server.crt.der
               -outform der

We can import the keys with the Java-program:

$ java ImportKey server.key.der server.crt.der webconsole

And last, but not least, put the keystore in place (and of course we make sure we've a backup of the old one):

# cp /var/opt/webconsole/domains/console/conf/keystore.jks{,.backup}
# cp $HOME/keystore.ImportKey /var/opt/webconsole/domains/console/conf/keystore.jks

Now we have to restart the smcwebserver:

# smcwebserver stop
# smcwebserver start

That's all :-)

  • Social

  • By continuing to use the site, you agree to the use of cookies. more information

    The cookie settings on this website are set to "allow cookies" to give you the best browsing experience possible and enable advertising to provide you free content. If you continue to use this website without changing your cookie settings or you click "Accept" below then you are consenting to this.