Import Pem into Java Key Store

Import PEM into Java Key Store

First, convert your certificate in a DER format :

openssl x509 -outform der -in certificate.pem -out certificate.der

And after, import it in the keystore :

keytool -import -alias your-alias -keystore cacerts -file certificate.der

How to import .pem together with .key to a keystore (.jks)

I've found a soulution which includes exporting the .key and .pem certs to a .p12 file, and then importing that .p12 file to a java keystore (.jks).

To export .pem and .key together to a .p12 use this command:

openssl pkcs12 -export -in <path to .pem cert> -inkey <path to .key cert> -out <desired name of the .p12 file with the extension> -name <cert alias>

Then, import the .p12 to the java keystore with this command:

keytool -importkeystore -v -srckeystore <path to .p12 file> -srcstoretype PKCS12 -destkeystore <path to .jks> -deststoretype JCEKS

import .pem file in jre using keytool [Windows 7]

Do you mean, you want to import .pem file into JRE truststore? Truststore file is located in %JAVA_HOME%\jre\lib\security\cacerts. Default password is "changeit".

Keytool accepts .pem certificate as well, so you don't need to convert it to another format. Simply execute the following import command,

keytool -import -alias <PROVIDE_UNIQUE_CERTIFICATE_ALIAS_HERE> -file <PATH_TO_PEM_FILE> -keystore <JRE_TRUSTSTORE_FILE> -storepass <TRUSTSTORE_PASSWORD>

And also, When i execute "keytool -list" command on CMD, its giving me
exception keytool error: java.lang.Exception: Keystore file does not
exist:

You need to specify the keystore path as well as the keystore password,

keytool -list -keystore <JRE_TRUSTSTORE_FILE> -storepass <TRUSTSTORE_PASSWORD>

If you would like to know more about keytool commands, this following link could be your best buddy,

https://www.sslshopper.com/article-most-common-java-keytool-keystore-commands.html

How do I import SSL certifcate .pem file into JRE cacerts file on Mac?

I finally was able to import the certificate into my JRE cacerts file. First I had to create a new .pem file with only the certificate:

-----BEGIN CERTIFICATE-----
MIIHQzCCBiugAwIBAgIQDEtIx...
-----END CERTIFICATE-----

Then I had to copy the cacerts file into a new location, and then run the following code to import it:

keytool -import -v -trustcacerts -alias serveralias -file /Applications/certificate.pem -keystore /cacerts

After importing the certifcate I then copied the new cacerts file back into the JRE security folder, and success!

Import .pem public and private keys to JKS keystore

KeyTool expects the objects in DER format. PEM is Base64-encoded DER, with a header and a footer. KeyTool cannot parse PEM.

However, OpenSSL can convert PEM objects to DER. E.g., for an X.509 certificate, the -outform DER command-line flag instructs OpenSSL to use DER as its output format.

This page apparently contains some more detailed explanations.

Import .key and .pem file to jks file and use in Java/Spring

Create a PKCS #12 file using OpenSSL utilities. Then you can specify this as your key store using the system properties.

openssl pkcs12 -export -in QA.test.pem -inkey QA.test.key -out test.pkcs12

This command will prompt for a password to encrypt the new PKCS #12 file. It may also prompt for the password that was used to encrypt QA.test.key, if any.

javax.net.ssl.keyStore=test.pkcs12
javax.net.ssl.keyStorePassword=<whatever you entered when creating PKCS #12>
javax.net.ssl.keyStoreType=PKCS12

The trustStore properties are separate; they affect how to authenticate the server. If the server uses a certificate issued by a "real" CA, the necessary certificates should be present in the Java runtime already. Otherwise, you'll have to create an additional key store, which can be done using Java's keytool command.

Note that Java 9 will use PKCS #12 files as the default keystore type.

---

Related Topics