
Create Java keystore from Cert and Key

Primary LanguageJava


ImportKey is a patched version of 


with the certificate chain import code fixed.

* Java 1.5+

Pre-Flight Instructions

* Make sure all keys/certs are in .der format
    openssl pkcs8 -topk8 -nocrypt -in key.pem -inform PEM -out key.der -outform DER
    openssl x509 -in cert.pem -inform PEM -out cert.der -outform DER

* For certificate chains: cat all the certs together

    cat cert.der server-chain2.der server-chain1.der ct_root.der > certs.der

* Build ImportKey

    javac ImportKey.java


   java ImportKey <private key> <certificate> [<alias>]


   java ImportKey key.der cert.der "My Alias"

Changing the Keystore password

To change the Keystore password to something else you use keytool which is supplied with Sun Java.

So to change it from *importkey* to *mypassword* you would do the following:
 keytool -storepasswd -v -keystore ~/keystore.ImportKey -storepass importkey -new mypassword

Also we generally want to change the keypass to the same as the storepass (it too will be set to *importkey*:
 keytool -keypasswd -v -alias "My Alias" -keystore ~/keystore.ImportKey -storepass mypassword -keypass importkey -new mypassword


Kudos to Jochen Seifarth http://www.agentbob.info/ for creating ImportKey which works around keytool's stupid limitations.