Java Keystore Files

From Jens' Wiki
Latest revision as of 22:45, 16 January 2021

Create a Java Keystore (.JKS) from Let's Encrypt Certificates

Application servers like Jetty, GlassFish or Tomcat need a keystore (.jks) in order to handle their TLS certificates properly. These three steps create a valid keystore file for your application server from certificates issued by Let's Encrypt. Have fun, be encrypted!

Step 1 - Create keys

Skip this step if you already have a certificate.

./letsencrypt-auto certonly --standalone -d DOMAIN.TLD -d DOMAIN_2.TLD --email EMAIL@EMAIL.TLD

letsencrypt-auto is the legacy name of the client; on current systems the same command is certbot certonly --standalone .... Standalone mode starts its own temporary web server to answer the HTTP-01 challenge, so port 80 must be reachable from the internet and not already in use by your application server.

Change to the directory (usually /etc/letsencrypt/live/DOMAIN.TLD) where the certificates were placed. The files there are symlinks into /etc/letsencrypt/archive and are readable only by root, which is why the openssl command in the next step needs root.

Step 2 - Create a PKCS12 file containing full chain and private key

openssl pkcs12 -export -in fullchain.pem -inkey privkey.pem -out pkcs.p12 -name NAME

Use fullchain.pem rather than cert.pem: it contains the server certificate followed by the Let's Encrypt intermediate, and bundling it makes the server send the complete chain to clients. -name sets the friendly name of the entry, which becomes the alias in step 3. openssl prompts for an export password; remember it, step 3 needs it as STORE_PASS.

Step 3 - Convert PKCS12 to Keystore

STORE_PASS is the export password entered in step 2 for the PKCS12 file. PASSWORD_STORE protects the new keystore and PASSWORD_KEYPASS protects the key entry inside it; for a JKS store they may differ, for a PKCS12 store they must be the same.

keytool -importkeystore -deststorepass PASSWORD_STORE -destkeypass PASSWORD_KEYPASS -destkeystore keystore.jks -srckeystore pkcs.p12 -srcstoretype PKCS12 -srcstorepass STORE_PASS -alias NAME

Two caveats. On JDK 9 and later the default keystore type is PKCS12, so without -deststoretype JKS keytool writes a PKCS12 file under the name keystore.jks; add -deststoretype JKS if the server really requires JKS, or simply point the server at pkcs.p12 (Tomcat and Jetty accept PKCS12 stores directly, check the keystoreType setting). Also, passwords given on the command line end up in the shell history and are visible to every user in ps; keytool accepts -srcstorepass:env VAR and -srcstorepass:file FILE (likewise for -deststorepass and -destkeypass), and openssl accepts -passout env:VAR, so the password never appears in argv.

If you get java.io.IOException: failed to decrypt safe contents entry: javax.crypto.BadPaddingException: Given final block not properly padded, the value given as -srcstorepass does not match the export password from step 2. If instead keytool on an older JDK fails with parseAlgParameters failed, the PKCS12 file was written by OpenSSL 3 with PBES2/AES encryption that the old JDK cannot read; repeat step 2 with openssl pkcs12 -export -legacy ....
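The whole procedure, as an added example script that is not part of the wiki page: it performs steps 2 and 3 in one function, reads the password from the environment instead of the command line, forces the JKS type, locks down the file permissions and checks the result with keytool -list. The function names make_jks and jks_has_key_entry and the STORE_PASS variable are my own choices; the live directory and alias are whatever you pass in.

```shell
#!/bin/sh
# Added example, not from the wiki: steps 2 and 3 as one shell function.
# Assumptions: openssl and keytool are on PATH, the caller exports
# STORE_PASS (used as export, keystore and key password), and LIVE_DIR
# holds certbot's fullchain.pem and privkey.pem. Function names are mine.
set -eu

# make_jks LIVE_DIR ALIAS OUT_DIR
#   LIVE_DIR/{fullchain,privkey}.pem -> OUT_DIR/pkcs.p12 -> OUT_DIR/keystore.jks
make_jks() {
    live_dir=$1; alias=$2; out_dir=$3
    : "${STORE_PASS:?export STORE_PASS before calling make_jks}"
    mkdir -p "$out_dir"
    # Step 2. The password is read from the environment (env:NAME), so it
    # never appears in argv, `ps` output or the shell history.
    openssl pkcs12 -export \
        -in "$live_dir/fullchain.pem" -inkey "$live_dir/privkey.pem" \
        -name "$alias" -passout env:STORE_PASS -out "$out_dir/pkcs.p12"
    # Step 3. keytool's password options accept the same :env form.
    # -deststoretype JKS is explicit because JDK 9+ would otherwise write
    # a PKCS12 file under the .jks name; -noprompt overwrites an existing
    # alias instead of asking.
    keytool -importkeystore -noprompt \
        -srckeystore "$out_dir/pkcs.p12" -srcstoretype PKCS12 \
        -srcstorepass:env STORE_PASS -srcalias "$alias" \
        -destkeystore "$out_dir/keystore.jks" -deststoretype JKS \
        -deststorepass:env STORE_PASS -destkeypass:env STORE_PASS \
        -destalias "$alias"
    # Both files contain the private key: owner-only permissions.
    chmod 600 "$out_dir/pkcs.p12" "$out_dir/keystore.jks"
}

# jks_has_key_entry KEYSTORE ALIAS
#   Succeeds only if ALIAS is present as a PrivateKeyEntry (certificate
#   plus key), which is what a server needs; a trustedCertEntry alone
#   would let the server start but not serve TLS. JKS stores aliases in
#   lower case, so the lookup is lower-cased too.
jks_has_key_entry() {
    alias_lc=$(printf '%s' "$2" | tr '[:upper:]' '[:lower:]')
    keytool -list -storetype JKS -keystore "$1" -storepass:env STORE_PASS \
        | grep -q "^$alias_lc, .*PrivateKeyEntry"
}

# Usage: STORE_PASS=... sh make-jks.sh /etc/letsencrypt/live/DOMAIN.TLD DOMAIN.TLD /etc/myapp
if [ $# -eq 3 ]; then
    make_jks "$1" "$2" "$3"
    jks_has_key_entry "$3/keystore.jks" "$2" \
        || { echo "no PrivateKeyEntry '$2' in $3/keystore.jks" >&2; exit 1; }
    echo "$3/keystore.jks OK: key entry '$2'"
fi
```

Run it as root so it can read the live directory, then chown the two output files to the account the application server runs as. The final keytool -list check is worth keeping in any deployment script: a store that exists but holds only a trusted certificate is the most common silent failure when the alias given to -name and -srcalias do not match.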

The commands

sudo openssl pkcs12 -export -in OUTPUT_FILE_HERE.pem -inkey KEYFILE_HERE -out pkcs.p12 -name NAME_HERE

sudo keytool -importkeystore -deststorepass PASSWORD -destkeystore keystore.jks -srckeystore pkcs.p12 -srcstoretype PKCS12 -srcstorepass PASSWORD -alias ALIAS_HERE

OUTPUT_FILE_HERE.pem is fullchain.pem and KEYFILE_HERE is privkey.pem from the live directory; ALIAS_HERE must be the same value given to -name, and the -srcstorepass PASSWORD is the export password chosen in the first command. Because both commands run under sudo, pkcs.p12 and keystore.jks end up owned by root: chown them to the account the application server runs as and keep them mode 600, since both contain the private key.