Creating a .jks from a .crt and .key file, is that possible

Question

I requested a SSL certificate from an authority.

First, I created a .csr and a .key file on my computer and saved those. I sent the .csr and got back a .crt file and other files that I installed on my server.

All works fine for my Apache server with an SSL connection. However, I would like to be able to use the same certificate for a Tomcat server that I also have running on the system on a different port (Using JIRA). The setup needs a .jks file. Is it possible to generate that from the files that I have?

This seems like it might work, but I don't have that utility in my CLASSPATH or cannot find it.

Oracle instructions

Answer 1

You can use openssl and keytool

openssl pkcs12 -export -out domainname.pfx -inkey domainname.key -in domainname.crt -password pass:mypassword

keytool -importkeystore -srckeystore domainname.pfx -srcstoretype pkcs12 -srcalias 1 -srcstorepass mypassword -destkeystore domainname.jks -deststoretype jks -deststorepass mypassword -destalias myalias

Where

• domainname.crt is the crt input file
• domainname.key is the key input file
• domainname.pfx is the pkcs12 intermediate file
• domainname.jks is the jks output file
• mypassword is the password of the pkcs12 and the jks files
• myalias is the alias of the certificate in the jks file

Answer 2

You can convert a PFX from those files:

openssl pkcs12 -export -out domain.name.pfx -inkey domain.name.key -in domain.name.crt

Then export the jks from the PFX by following this guide:

https://blogs.oracle.com/blogbypuneeth/post/steps-to-create-a-jks-keystore-using-key-and-crt-files