
How to import an existing X.509 certificate and private key in Java keystore to use in SSL?

I have this in an ActiveMQ config:

<sslContext>
        <sslContext keyStore="file:/home/alex/work/amq/broker.ks"  
 keyStorePassword="password" trustStore="file:${activemq.base}/conf/broker.ts" 
 trustStorePassword="password"/>
</sslContext>

I have a pair of X.509 cert and a key file.

How do I import those two in order to use them in SSL and SSL+stomp connectors? All examples I could google always generate the key themselves, but I already have a key.

I have tried

keytool -import  -keystore ./broker.ks -file mycert.crt

but this only imports the certificate and not the key file and results in

2009-05-25 13:16:24,270 [localhost:61612] ERROR TransportConnector - Could not accept connection : No available certificate or key corresponds to the SSL cipher suites which are enabled.

I have tried concatenating the cert and the key but got the same result.

How do I import the key?


Answer

Believe it or not, keytool does not provide such basic functionality as importing a private key into a keystore. You can try this workaround of merging a PKCS12 file containing the private key into a keystore:

keytool -importkeystore \
  -deststorepass storepassword \
  -destkeypass keypassword \
  -destkeystore my-keystore.jks \
  -srckeystore cert-and-key.p12 \
  -srcstoretype PKCS12 \
  -srcstorepass p12password \
  -alias 1

Or just use the more user-friendly KeyMan from IBM for keystore handling instead of keytool.
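The whole path from a PEM certificate and key to a usable keystore entry, as an added example that is not part of the original answer: it builds the PKCS12 bundle with `openssl pkcs12 -export` (a step the answer assumes has already been done), imports it with `keytool -importkeystore`, and checks that the entry is a `PrivateKeyEntry` rather than the `trustedCertEntry` that the certificate-only import from the question produces. The function names, the `P12_PASS` and `KS_PASS` environment variables, and the throwaway self-signed certificate are assumptions made for the demo.

```shell
#!/bin/sh
# Added example. P12_PASS and KS_PASS are assumed, exported environment
# variables; reading passwords from them keeps them out of the process list.

# pem_to_keystore CERT KEY KEYSTORE ALIAS
pem_to_keystore() {
    cert=$1 key=$2 ks=$3 name=$4 rc=0
    p12=$(mktemp) || return 1
    # openssl refuses to build the bundle if the certificate and key differ.
    openssl pkcs12 -export -in "$cert" -inkey "$key" -name "$name" \
        -out "$p12" -passout env:P12_PASS || { rm -f "$p12"; return 1; }
    keytool -importkeystore -noprompt \
        -srckeystore "$p12" -srcstoretype PKCS12 -srcstorepass:env P12_PASS \
        -destkeystore "$ks" -deststorepass:env KS_PASS \
        -destkeypass:env KS_PASS -srcalias "$name" >&2 || rc=$?
    rm -f "$p12"    # the intermediate bundle also contains the private key
    return "$rc"
}

# keystore_entry_type KEYSTORE ALIAS: prints PrivateKeyEntry or trustedCertEntry
keystore_entry_type() {
    keytool -list -keystore "$1" -storepass:env KS_PASS -alias "$2" |
        grep -oE 'PrivateKeyEntry|trustedCertEntry' | head -n 1
}

# Demo on constructed input: a throwaway self-signed certificate and key.
demo() {
    d=$(mktemp -d) || return 1
    export P12_PASS=p12password KS_PASS=storepassword    # sample values only
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=broker.example" \
        -keyout "$d/mykey.key" -out "$d/mycert.crt" 2>/dev/null || return 1
    # The attempt from the question: certificate only, no private key.
    keytool -importcert -noprompt -keystore "$d/certonly.ks" \
        -storepass:env KS_PASS -alias 1 -file "$d/mycert.crt" >&2
    pem_to_keystore "$d/mycert.crt" "$d/mykey.key" "$d/broker.ks" 1
    echo "cert only: $(keystore_entry_type "$d/certonly.ks" 1)"
    echo "cert+key:  $(keystore_entry_type "$d/broker.ks" 1)"
    rm -rf "$d"
}

if [ "${1:-}" = demo ]; then demo; fi
```

For the broker config in the question, `keyStore` would point at the resulting file and `keyStorePassword` would carry the same value as `KS_PASS`.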

User contributions licensed under: CC BY-SA