Create a KeyStore in JKS format

Both the controller, for its web application, and the agent, for the agent services, support SSL and require a Java KeyStore in JKS format for the certificates and keys.

This short tutorial will show you how to generate a KeyStore in JKS format based on .key and .crt files.

To generate it, you will need :

the private key used to create your certificate request (.key file)
the private key password (if any)
the certificate generated with the previously transmitted certificate request (the .crt file)

And following tools:

OpenSSL (https://wiki.openssl.org/index.php/Binaries)
a JDK installed on your machine (https://openjdk.java.net/)

For example, let’s assume the following:

your key file is mydomain.ch.key
your certificate file is mydomain.ch.crt

To generate the keystore, execute the following commands in a terminal:

# Generate the keystore in .p12 format
openssl pkcs12 -export -in mydomain.ch.crt -inkey mydomain.ch.key -certfile mydomain.ch.crt -out mydomain.ch.p12
# At this point you will be prompted for a password, make sure to remember it as it will be needed later on
# Enter the password
# Generate the Java keystore file
keytool -importkeystore -srckeystore mydomain.ch.p12 -srcstoretype pkcs12 -destkeystore mydomain.jks -deststoretype pkcs12

You now have a “mydomain.jks” keystore file ready to be used.

See Also