You’ll need:

  • The private key created when you generated the Certificate Signing Request (CSR) file; we’ll call it private.key
  • Your CA-signed SSL certificate, in X.509 format, named yourssl.crt
  • The intermediate certificate from your CA, intermediateCA.crt
  • The root CA certificate, rootCA.crt
  • A name or alias for your certificate; we’ll use certalias
  • A name for the CA certificate bundle, cabundle.crt
  • A name for your p12 format certificate, certbundle.p12
  • And a name for your new keystore, certbundle.jks

First, bundle the root CA and intermediate certificates into one file:

cat intermediateCA.crt rootCA.crt > cabundle.crt

Generate a certificate bundle in PKCS12 format:

openssl pkcs12 -export -chain -in yourssl.crt -inkey private.key -out certbundle.p12 -name certalias -CAfile cabundle.crt

Create a password for the bundle when prompted. Once the export is done, convert the bundle to JKS format:

keytool -importkeystore -srckeystore certbundle.p12 -srcstoretype pkcs12 -srcalias certalias -destkeystore certbundle.jks -deststoretype jks -destalias certalias

The keystore should now be ready to use on your Tomcat install.
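
A pre-flight check for the steps above, added here as an example and not part of the original post: it confirms that private.key belongs to yourssl.crt and that the certificate chains to the root before the export, and counts the certificates in the finished bundle. The function names and the P12_PASS environment variable (holding the bundle password) are assumptions.

```shell
#!/bin/sh
# Added example: sanity checks around the PKCS12 export in this post.
# File names are the ones used above; P12_PASS is an assumed environment
# variable, so the bundle password never appears on the command line.

# Succeeds only if the certificate and the private key share one public key.
key_matches_cert() {  # usage: key_matches_cert yourssl.crt private.key
    cert_pub=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) || return 2
    key_pub=$(openssl pkey -in "$2" -pubout 2>/dev/null) || return 2
    # An empty value means parsing failed; never treat that as a match.
    [ -n "$cert_pub" ] && [ "$cert_pub" = "$key_pub" ]
}

# Succeeds only if leaf -> intermediate -> root validates.
chain_verifies() {  # usage: chain_verifies yourssl.crt intermediateCA.crt rootCA.crt
    openssl verify -CAfile "$3" -untrusted "$2" "$1" >/dev/null 2>&1
}

# Prints how many certificates the PKCS12 bundle carries.
# With -chain and the two CA files from this post, 3 are expected.
p12_cert_count() {  # usage: p12_cert_count certbundle.p12
    openssl pkcs12 -in "$1" -nokeys -passin env:P12_PASS 2>/dev/null |
        grep -c 'BEGIN CERTIFICATE'
}

# Run in the directory holding the files, before the pkcs12 export.
preflight() {
    key_matches_cert yourssl.crt private.key || {
        echo "private.key does not match yourssl.crt" >&2
        return 1
    }
    chain_verifies yourssl.crt intermediateCA.crt rootCA.crt || {
        echo "yourssl.crt does not chain to rootCA.crt via intermediateCA.crt" >&2
        return 1
    }
    echo "key and chain look consistent"
}
```

Call preflight before running the openssl pkcs12 command; afterwards, with P12_PASS exported, p12_cert_count certbundle.p12 should print 3 (your certificate, the intermediate and the root).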

By ikhsan
