huangs3 asked:

JRE keytool: how to import PrivateKeyEntry certificate?

I am trying to load some .cer files into a java .keystore file, using the keytool command. For one of the .cer files, I am expecting to import it as a PrivateKeyEntry. However, the result of the "keytool -list" command shows that all certificates are imported as trustedCertEntry.

In the "keytool -importcert" command I toggled off the -trustcacerts (idea from https://stackoverflow.com/questions/24974324/import-certificate-as-privatekeyentry ), but it didn't make a difference on the result for me.

Can you help me clarify these questions:
1. Can "keytool -importcert" import a PrivateKeyEntry into the .keystore file?
2. Is the type (PrivateKeyEntry/trustedCertEntry) of the imported certificates in .keystore decided by the way of importing, or by the .cer file itself?
3. If decided by the way of importing, how to do that?
4. If by the .cer file itself, how to check which type it is?

Thank you!
Tags: JRE, Java App Servers, Java, SSL / HTTPS, Network Security

Last Comment
Hans Liem

8/22/2022 - Mon

According to THIS, you can't import a separate private key, but you might be able to merge per post 478 on that page

File extensions are arbitrary, but in general a .cer is a certificate, and a .key is a private key for a certificate.

If the csr for the certificate was generated with keytool from the keystore, the private key is already in the keystore.

This explains in more detail https://www.digicert.com/csr-creation-java.htm 

If you are trying to import a certificate and key into an existing keystore, then usually one would use openssl to create a pkcs12 certificate (which combines the certificate and the key), and then import the pkcs12 certificate.

This explains in more detail https://coderwall.com/p/3t4xka/import-private-key-and-certificate-into-java-keystore
Hans Liem
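
The PKCS12 route described in the answer above, as an added example that is not part of the original thread. It imports the same certificate twice, once alone with `-importcert` and once bundled with its key via `-importkeystore`, and prints the entry type keytool reports for each; the file names, aliases, subject and password are constructed for the demo, and openssl and keytool are assumed to be on PATH.

```shell
#!/bin/sh
# Added example: throwaway key, certificate and password, all constructed.
# Requires openssl and keytool on PATH.

PASS=changeit   # demo-only store password (constructed)

# Print the entry type keytool reports for one alias.
entry_type() {   # usage: entry_type <keystore> <alias>
    keytool -J-Duser.language=en -list -keystore "$1" -storepass "$PASS" \
        -alias "$2" 2>/dev/null |
        grep -o -E 'PrivateKeyEntry|trustedCertEntry' | head -n 1
}

# Build both kinds of entry from the same certificate and print their types.
demo_entry_types() {
    dir=$(mktemp -d) || return 1          # private scratch directory (mode 0700)
    ks="$dir/demo.keystore"

    # Self-signed certificate plus its private key.
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=demo.example" \
        -keyout "$dir/demo.key" -out "$dir/demo.cer" 2>/dev/null || return 1

    # Certificate alone: keytool has no key to pair it with.
    keytool -importcert -noprompt -alias certonly -file "$dir/demo.cer" \
        -keystore "$ks" -storepass "$PASS" >/dev/null 2>&1 || return 1

    # Certificate and key bundled into PKCS12, then imported as a keystore.
    openssl pkcs12 -export -in "$dir/demo.cer" -inkey "$dir/demo.key" \
        -name withkey -out "$dir/demo.p12" -passout "pass:$PASS" || return 1
    keytool -importkeystore -noprompt \
        -srckeystore "$dir/demo.p12" -srcstoretype PKCS12 -srcstorepass "$PASS" \
        -destkeystore "$ks" -deststorepass "$PASS" >/dev/null 2>&1 || return 1

    echo "certonly=$(entry_type "$ks" certonly) withkey=$(entry_type "$ks" withkey)"
    rm -rf "$dir"                         # remove the demo key material
}

# To run: source this file, then call demo_entry_types
```

The same certificate ends up as a trustedCertEntry or a PrivateKeyEntry depending only on whether its private key was in the keystore entry being written. PKCS12 files written by OpenSSL 3 with its default algorithms may not be readable by older Java 8 builds.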
