How to convert certificate from PEM to JKS?

by

You aren’t clear which files you combined, but it should work to
use openssl to combine the cert and private key to a PKCS#12:

cat cert_public_key.pem cert_private_key.pem >combined.pem
openssl pkcs12 -export -in combined.pem -out cert.p12

or on the fly but (update:) the privatekey must be first:

cat cert_private_key.pem cert_public_key.pem | openssl pkcs12 -export -out cert.p12

If your cert needs any chain cert(s) — the CA should have told you this when you submitted
the CSR and they issued the cert — it’s easiest to also include it(them) now.

Then (1) some Java programs can actually use a pkcs12 directly as a keystore,
but (2) if you need or prefer a JKS use keytool:

keytool -importkeystore -srckeystore cert.p12 -srcstoretype pkcs12 -destkeystore cert.jks

If you care about the alias in the resulting JKS, easiest to fix it after converting.

Also: just changing the labels in an encrypted PEM doesn’t unencrypt it, nor does changing
the label from generic PKCS#8 to RSA actually change the data to match (and they are different,
though only a little). If you do want a separate PEM file with the decrypted private key:

openssl pkey -in encryptedpk8 -out clearpk8.pem # 1.0.0 up
openssl pkcs8 -in encryptedpk8 -out clearpk8.pem # 1.0.0 up 
openssl pkcs8 -topk8 -nocrypt -in encryptedpk8 -out clearpk8.pem # below 1.0.0
openssl rsa -in encryptedpk8 -out clearrsa.pem

More Related Contents:

  1. Trusting all certificates using HttpClient over HTTPS
  2. How to import an existing X.509 certificate and private key in Java keystore to use in SSL?
  3. why doesn’t java send the client certificate during SSL handshake?
  4. How to fix the “java.security.cert.CertificateException: No subject alternative names present” error?
  5. Import PEM into Java Key Store
  6. How to programmatically set the SSLContext of a JAX-WS client?
  7. How to ignore PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException?
  8. Caused by: java.security.UnrecoverableKeyException: Cannot recover key
  9. PKIX path building failed in Java application
  10. How do I do TLS with BouncyCastle?
  11. How to build a SSLSocketFactory from PEM certificate and key without converting to keystore?
  12. Can we load multiple Certificates & Keys in a Key Store?
  13. How can I use different certificates on specific connections?
  14. How are SSL certificate server names resolved/Can I add alternative names using keytool?
  15. Why does SSL handshake give ‘Could not generate DH keypair’ exception?
  16. Problems using Maven and SSL behind proxy
  17. javax.net.ssl.SSLException: Received fatal alert: protocol_version
  18. Java SSL: how to disable hostname verification
  19. Problems connecting via HTTPS/SSL through own Java client
  20. How to enable SSL 3 in Java
  21. Choosing SSL client certificate in Java
  22. Java SSLHandshakeException: no cipher suites in common
  23. How set up Spring Boot to run HTTPS / HTTP ports
  24. How to make HTTPS GET call with certificate in Rest-Assured java
  25. What is Keystore?
  26. javax.net.ssl.SSLPeerUnverifiedException: Host name does not match the certificate subject provided by the peer
  27. How Can I Access an SSL Connection Through Android?
  28. SSLSocket ignores domain mismatch
  29. How can I decode a SSL certificate using python?
  30. Java Keytool error after importing certificate , “keytool error: java.io.FileNotFoundException & Access Denied”

Leave a Comment