Converting key and crt to JKS or PKCS12 or PFX.

Jay
Jan 6, 2022

Most Java applications expect cryptographic files in either JKS format or P12 (PFX or PKCS12) format. In general, though, we create the private key first and then the CSR (certificate signing request). After that, we submit the CSR to a trusted CA such as Let's Encrypt, DigiCert, etc.

So in the end, we have a private key, a certificate, and the CA chain (CA certs won't be available for a self-signed certificate).

Steps to create JKS from key and cert.

  1. Create the complete certificate chain by combining all the certs. The order should be leaf cert, any intermediate certs, and root CA cert (intermediate certs and root CA cert are optional for self-signed certs).
  2. Create the PKCS12/PFX file using the command below.

     $ openssl pkcs12 -export -out keystore.pkcs12 -in fullchain.pem -inkey privkey.pem

  3. Convert the PKCS12/PFX file to a JKS file using the command below.

     $ keytool -importkeystore -srckeystore keystore.pkcs12 -srcstoretype PKCS12 -destkeystore keystore.jks
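
The three steps above as a non-interactive script, added here as an example and not part of the original post: it checks that the private key matches the leaf certificate before exporting, reads the keystore password from an environment variable instead of the command line, and requests JKS output explicitly. The function names, the KS_PASS variable and the throwaway self-signed certificate are assumptions constructed for the demo.

```sh
#!/bin/sh
# Added example; file names and the KS_PASS variable are assumptions.
set -eu

# Succeeds only when private key $1 and certificate $2 share a public key.
key_matches_cert() {
  _k=$(openssl pkey -in "$1" -pubout) || return 1
  _c=$(openssl x509 -in "$2" -noout -pubkey) || return 1
  [ "$_k" = "$_c" ]
}

# Steps 1 and 2. Usage: make_p12 KEY OUT LEAF [INTERMEDIATE...] [ROOT]
# The password is read from the KS_PASS environment variable, so it never
# shows up in the process list or in shell history.
make_p12() {
  _key=$1; _out=$2; shift 2
  key_matches_cert "$_key" "$1" || { echo "key does not match leaf cert" >&2; return 1; }
  cat "$@" > fullchain.pem   # leaf first, then intermediates, then root
  ( umask 077                # the keystore holds the private key: owner-only
    openssl pkcs12 -export -out "$_out" -in fullchain.pem -inkey "$_key" \
      -passout env:KS_PASS )
}

# Number of certificates stored in a PKCS12 file.
p12_cert_count() {
  openssl pkcs12 -in "$1" -nokeys -passin env:KS_PASS | grep -c 'BEGIN CERTIFICATE'
}

# Step 3. JDK 9 and later default to PKCS12 output, so JKS is requested explicitly.
make_jks() {
  keytool -importkeystore -noprompt \
    -srckeystore "$1" -srcstoretype PKCS12 -srcstorepass:env KS_PASS \
    -destkeystore "$2" -deststoretype JKS -deststorepass:env KS_PASS
}

# Demo on constructed, throwaway material (self-signed, so the chain is one cert).
cd "$(mktemp -d)"
export KS_PASS='constructed-demo-password'
openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj '/CN=demo.invalid' \
  -keyout privkey.pem -out cert.pem 2>/dev/null
openssl genpkey -algorithm RSA -out other.pem 2>/dev/null   # unrelated key
make_p12 privkey.pem keystore.pkcs12 cert.pem
echo "certificates in keystore.pkcs12: $(p12_cert_count keystore.pkcs12)"
if command -v keytool >/dev/null 2>&1; then make_jks keystore.pkcs12 keystore.jks; fi
```

For a CA-issued certificate, pass the intermediate and root files after the leaf, in that order, as extra arguments to `make_p12`.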

More blogs that are related to day-to-day DevOps tasks are on the way, please follow me for getting notifications.
