PEM to Java Keystore

·
1 min read
notes
#java #jdk #pem #keystore #pkcs12

PEM to Java Keystore

Normally, we used PKCS12 PEM for NGINX, Apache2, OpenLDAP, postfix, etc.

BUT NOT JAVA! :P

Conventions

Terminal window
export PASS=changeit
export DOMAIN=example.org

I’m too lazy, just streamlined it all. :P

Import

Terminal window
openssl pkcs12 -export -in $DOMAIN.crt -inkey $DOMAIN.key -out $DOMAIN.p12 -name $DOMAIN -passout pass:$PASS
keytool -importkeystore -deststorepass $PASS -destkeypass $PASS -destkeystore $DOMAIN.keystore -srckeystore $DOMAIN.p12 -srcstoretype PKCS12 -srcstorepass $PASS -alias $DOMAIN

Note

The keytool command warns this after creating of a keystore:

The JKS keystore uses a proprietary format. It is recommended to migrate to PKCS12 which is an industry standard format using “keytool -importkeystore -srckeystore clientkeystore -destkeystore clientkeystore -deststoretype pkcs12”.

But, hey, every Java thing still only able to load keystore, not PKCS12.

Reference

Mengubah Format PEM (Apache/NGINX) ke Keystore JAVA Chapter 6. Configuring Jetty Connectors: Configuring SSL/TLS

Related Articles

Installing OpenJDK for Servers

Installing OpenJDK for Servers

Installing Oracle Java 10 JDK on Debian Stretch

Installing Oracle Java 10 JDK on Debian Stretch

Install/Upgrade Quarkus Locally

Install/Upgrade Quarkus Locally