Import private key and (signed) certificate into Java keystore (JKS)

Last Monday, I had to 'secure' the smcwebserver from Sun (or should I say Oracle?), which is used by ARCo. But I ran into a few issues:



  1. My lack of knowledge about Java;

  2. Keytool doesn't allow you to import keys generated by tools like openssl :-(


But... I was able to handle them both, and now I have an smcwebserver (which uses Java keystores) running with a key that was generated by openssl and a certificate signed by our enterprise CA.


Therefore I had to do some Java 'hacking'. After spending some hours on Google searches, I landed on a posting on the website of 'Agent Bob'. He has a Java program that allows you to 'import' keys and certificates that were generated outside keytool :-)


However, I had to make a minor modification to the Java code to set the password of the new JKS to 'changeit', because that is the password smcwebserver will use to open the keystore. So, you need to make sure that line 87 is:

String keypass = "changeit";


For your convenience you can download the modified version here.


Now, create a Java class with the command (please note, I'm not a Java-specialist, so something else will work as well... but this worked for me ;-) ):
$ javac ImportKey.java

Once this is done, you must make sure your key file and (signed) certificate are in the DER format. If they are not, you can convert them using the following commands:
$ openssl pkcs8 -topk8 \
               -nocrypt \
               -in server.key \
               -out server.key.der \
               -outform der



$ openssl x509 -in server.crt \
               -out server.crt.der \
               -outform der
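
A pre-flight check for the key file, as an added example that is not part of the original post or of Agent Bob's program. It assumes the import wants what the openssl pkcs8 command above produces (unencrypted PKCS#8 in DER) and tells that apart from PEM, traditional PKCS#1 and encrypted PKCS#8 by looking at the outer ASN.1 structure; classify_key, read_tlv and the sample bytes are constructed for illustration.

```python
# Added example: classify a private-key file by its outer ASN.1 structure.
PEM_MARKER = b"-----BEGIN"

def read_tlv(buf, pos):
    """Return (tag, value_start, value_end) for the DER element at pos."""
    tag, length = buf[pos], buf[pos + 1]
    pos += 2
    if length & 0x80:  # long form: low 7 bits give the number of length bytes
        n = length & 0x7F
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    if pos + length > len(buf):
        raise ValueError("truncated DER element")
    return tag, pos, pos + length

def classify_key(data):
    """Return 'pkcs8-der', 'pkcs8-encrypted', 'pkcs1-der', 'pem' or 'unknown'."""
    if data.lstrip().startswith(PEM_MARKER):
        return "pem"  # still text; needs -outform der
    try:
        outer_tag, start, _ = read_tlv(data, 0)
        if outer_tag != 0x30:  # every key container here is a SEQUENCE
            return "unknown"
        first_tag, _, first_end = read_tlv(data, start)
        second_tag, _, second_end = read_tlv(data, first_end)
        if first_tag == 0x30:
            # EncryptedPrivateKeyInfo: SEQUENCE { AlgorithmIdentifier, OCTET STRING }
            return "pkcs8-encrypted" if second_tag == 0x04 else "unknown"
        if first_tag == 0x02 and second_tag == 0x30:
            # PrivateKeyInfo: SEQUENCE { INTEGER, AlgorithmIdentifier, OCTET STRING }
            third_tag, _, _ = read_tlv(data, second_end)
            return "pkcs8-der" if third_tag == 0x04 else "unknown"
        if first_tag == 0x02 and second_tag == 0x02:
            # RSAPrivateKey (PKCS#1): SEQUENCE { INTEGER version, INTEGER modulus, ... }
            return "pkcs1-der"
    except (IndexError, ValueError):
        pass  # too short or truncated
    return "unknown"

# Constructed skeletons (structure only, no real key material).
SAMPLES = {
    "pkcs8-der": bytes.fromhex("3017020100300d06092a864886f70d01010105000403010203"),
    "pkcs8-encrypted": bytes.fromhex("3011300b06092a864886f70d01050d0402aabb"),
    "pkcs1-der": bytes.fromhex("3009020100020123020103"),
    "pem": b"-----BEGIN RSA PRIVATE KEY-----\n(constructed placeholder)\n",
}

if __name__ == "__main__":
    for name, blob in SAMPLES.items():
        print(f"{name:16} -> {classify_key(blob)}")
```

Only a file that classifies as pkcs8-der matches the output of the conversion command; anything else means -topk8, -nocrypt or -outform der was left out.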



We can import the keys with the Java-program:

$ java ImportKey server.key.der server.crt.der webconsole


And last, but not least, put the keystore in place (and of course we make sure we've a backup of the old one):

# cp /var/opt/webconsole/domains/console/conf/keystore.jks{,.backup}
# cp $HOME/keystore.ImportKey /var/opt/webconsole/domains/console/conf/keystore.jks


Now we have to restart the smcwebserver:


# smcwebserver stop
# smcwebserver start


That's all :-)