четверг, 24 марта 2016 г.

import openssl keys to JKS


#convert ca chain from PEM to DER
openssl x509 -outform der -in ca-chain.cert.pem -out ca.cert.der

#convert server cert and server private key to pkcs12 storage
openssl pkcs12 -export -in ./hostname.cert.pem -inkey ./hostname.key.pem -out ./hostname.p12 -name mywebservice -passin pass:Secret13 -passout pass:Secret13

#import server cert and private key from pkcs12 to JKS
keytool -importkeystore -srckeystore ./hostname.p12 -srcstoretype PKCS12 -srcstorepass Secret13 -alias mywebservice -deststorepass Secret13 -destkeypass Secret13 -destkeystore server-keystore.jks

#import ca chain
keytool -import -v -trustcacerts -alias ca-cert -file ca.cert.der -keystore ./server-keystore.jks -keypass Secret13