Today we need to get a wildcard SSL certificate into a Java Keystore format. First copy everything you need to a /tmp folder. There are gd_bundle.crt , domain.com.crt and domain.com.key
1. Concatenate your certificate with gd_bundle:
# cat gd_bundle.crt domain.com.crt > domain.com-combined.crt
2. Run the following to convert your SSL combined bundle into PKCS12 format:
#cd /tmp
# openssl pkcs12 -export -name my.domain.com -in domain.com-combined.crt -inkey domain.com.key -out keystore.p12
Where:
-name (my.domain.com) is the domain you are going to be using the key on. Don’t use your *.domain.com address. Use name.domain.com or something like this.
-in is your signed certificate
-inkey is the key file from the server that generated your CSR (certificate signing request)
-out is just a name I picked
You will be asked to generate a password! Enter you password twice.
3. After that run this to generate your JKS:
(keytool is located in the bin-directory of your JRE-installation.)
#cd /usr/java/bin/
# ./keytool -importkeystore -destkeystore keystore.jks -srckeystore keystore.p12 -srcstoretype pkcs12 -alias my.domain.com
-destkeystore is the name of the keystore (you are creating it)
-srckeystore is the PCKS12 keystore created above
-alias is the domain from above – make sure it matches the domain from above!
You will be asked to enter the password again. Do so and select a new password (or use the same one as before) when prompted.
4. Now you can verify it:
#keytool -list -v -keystore keystore.jks
That’s all, friends.
Leave a Reply