Use an existing private key to create a Java keystore


You have generated a self-signed certificate, or a client has given you a private key together with a certificate that was signed by the client's signing authority. You want to create a new Java keystore using your new private key or the client's existing private key.


First, combine the certificate and the private key into a single PKCS#12 file using the command below.

# openssl pkcs12 -export -in certificate.crt -inkey private.key -certfile certificate.crt -name "my_tomcat_certificate" -out keystore.p12

Next, use the Java keytool command to import that PKCS#12 file into a new keystore in JKS format.

# $JAVA_HOME/bin/keytool -importkeystore -srckeystore keystore.p12 -srcstoretype pkcs12 -destkeystore /path/to/some/.keystore -deststoretype JKS

That's it...Done!

List the entries in your newly created keystore to confirm that the private key entry is there:

# $JAVA_HOME/bin/keytool -list -keystore /path/to/some/.keystore -storepass mysecretpassword

Note: If you leave out the "-storepass" parameter, you will be prompted for the password. Being prompted also keeps the password out of your shell history and the process list.


Keystore type: JKS
Keystore provider: SUN

Your keystore contains 1 entry

my_tomcat_certificate, Apr 27, 2016, PrivateKeyEntry, 
Certificate fingerprint (SHA1): 4A:52:B4:E3:C6:CD:A5:36:F7:29:BE:A1:CD:3D:D8:2C:C4:3B:EC:D5
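
Checks to wrap around the two steps above, as an added example that is not part of the original page: it confirms the private key belongs to the certificate before the PKCS#12 export, passes the export password through an environment variable instead of the command line, and confirms the imported alias is a PrivateKeyEntry. The function names and the P12_PASS variable are assumptions; the openssl options and the alias follow the page.

```shell
#!/bin/sh
# Added example: checks around the openssl/keytool steps on this page.
# Function names and the P12_PASS variable are assumptions.

# Print the PEM public key embedded in a certificate.
cert_pubkey() { openssl x509 -in "$1" -noout -pubkey 2>/dev/null; }

# Print the PEM public key derived from a private key.
key_pubkey() { openssl pkey -in "$1" -pubout 2>/dev/null; }

# Succeed only if the private key ($2) belongs to the certificate ($1).
key_matches_cert() {
    c=$(cert_pubkey "$1") || return 1
    k=$(key_pubkey "$2") || return 1
    [ -n "$c" ] && [ "$c" = "$k" ]
}

# Build the PKCS#12 file ($3) from certificate ($1) and key ($2).
# The export password is read from $P12_PASS, so it never appears in argv.
make_p12() {
    key_matches_cert "$1" "$2" || {
        echo "private key does not match certificate" >&2
        return 1
    }
    # umask 077 in a subshell: the new file is readable by its owner only.
    ( umask 077
      openssl pkcs12 -export -in "$1" -inkey "$2" -certfile "$1" \
          -name "my_tomcat_certificate" -out "$3" -passout env:P12_PASS )
}

# Read `keytool -list` output on stdin; succeed if alias $1 is a PrivateKeyEntry.
has_private_key_entry() {
    awk -v a="$1, " 'index($0, a) == 1 && /PrivateKeyEntry/ { ok = 1 }
                     END { exit !ok }'
}
```

Typical use: export P12_PASS, run `make_p12 certificate.crt private.key keystore.p12`, run the keytool import from the page, then pipe the `keytool -list` output into `has_private_key_entry my_tomcat_certificate`.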