How do i create a .p12 (or .jks) file from aws Export certificate?

Question

I need a certificate for my server (rest api / https)

In AWS Certificate manager i did create a private CA, after that a private certificate and made an export of it.

The export gave me 3 files

Certificate body
Certificate chain
Certificate private key

these are pem files

i did try to create a p12 or jks file with openssl but they didnt work, the app kind of crashes with javax.net.ssl.SSLHandshakeException: Received fatal alert: certificate_unknown

i get this ^^ with openssl pkcs12 -export -inkey private_key.pem -in all.pem -name test -out server.p12

when i try a get endpoint in browser, i get a response but the browser says "certificate is not trusted"

i am not sure if i am creating the p12 file in a wrong way or if there is am issue with my steps before with aws

Hida · Accepted Answer · 2020-12-05T17:45:51.393

2

Make sure that you private CA is trusted in your endpoint browser, if not, you have to import it to trusted issuer list(trusted CA) in your browser certificate manager.

Use -certfile parameter to openssl to include your CA:

     openssl pkcs12 -export -inkey private_key.pem -in all.pem -certfile yourca.pem -name test -out server.p12

Without this parameter, server.p12 may contain just one certificate and private key. Check your server.p12:

     openssl pkcs12 -in server.p12

Make sure that your CA included now.

edited Dec 05 '20 at 17:45

answered Dec 05 '20 at 17:31

Hida

154
10

thx that may work, but i did found a different approach in the mean time. – Michal Dec 06 '20 at 18:36
.. what approach. on the answer, might wanna explain what individual keys are referring to – kewur Jun 16 '22 at 13:52

How do i create a .p12 (or .jks) file from aws Export certificate?

1 Answers1