importing public key into keystore

There are several ways to import a private key into a keystore, the fact that Java's keytool doesn't allow this by default is something that should be looked at as a missing critical feature. Sun should really "FIX" this in the next release.

FIrst, you can use IBM's KeyMan located here (free but you need to register w/IBM)

To import your key and cert you'll need to convert them to something like DER format, with openssl commands like this:

openssl pkcs8 -topk8 -nocrypt -in ORIGINALKEY.PEM -inform PEM -out NEWKEY.DER -outform DER

openssl x509 -in ORIGNALCERT.PEM -inform PEM -out NEWCERT.DER -outform DER

Then just make a blank keystore with something like this:

~/sivox/ssl/java/bin/keytool -genkey -alias dummy -keyalg RSA -keystore keystore

Then run the KeyMan binary and when it pops up the error about bad resource, click the back button, browse for your keystore, and open it.

Then click File->Import and import your key and then your cert

You may want to rename them to tomcat if you're using this for tomcat.. To do that double click on the cert, click the little wrench thing, and just type a new name.

You can delete the original dummy key, just be careful, KeyMan isn't like most applications, for some reason it keeps items clicked until they are manually unclicked.

dougnakaa at 2007-7-14 21:00:40 >