Saturday 8 February 2014

Create keystore from certificates

I had a wildcard certificate that already been used previously on a few apacahe servers. so I had already generated a CSR.

To generate a new keystore from the existing certificates I used the following commands:

Create a pkcs12 keystore from the certificate using openssl:
openssl pkcs12 -export -in star_domain_com.crt -inkey star_domain_com.key -certfile DigiCertCA.crt -out keystore.p12
Convert the pkcs12 keystore into a jks keystore:
keytool -importkeystore -srckeystore keystore.p12 -destkeystore keystore -srcstoretype pkcs12
You can use the following command to check your keystore contents:
keytool -list -keystore keystore
Usually your certificate will be stored under the alias 1, you might want to change that to tomcat, use the command:
keytool -changealias -alias 1 -destalias tomcat -keystore keystore

Possibly Related Posts