huangs3

JRE keytool: how to import PrivateKeyEntry certificate?

I am trying to load some .cer files into a Java .keystore file, using the keytool command. For one of the .cer files, I am expecting to import it as a PrivateKeyEntry. However, the result of the "keytool -list" command shows that all certificates are imported as trustedCertEntry.

In the "keytool -importcert" command I toggled off the -trustcacerts (idea from https://stackoverflow.com/questions/24974324/import-certificate-as-privatekeyentry ), but it didn't make a difference on the result for me.

Can you help me clarify these questions:
1. Can "keytool -importcert" import a PrivateKeyEntry into the .keystore file?
2. Is the type (PrivateKeyEntry/trustedCertEntry) of the imported certificates in the .keystore decided by the way of importing, or by the .cer file itself?
3. If decided by the way of importing, how to do that?
4. If by the .cer file itself, how to check which type it is?

Thank you!
CEHJ

According to THIS, you can't import a separate private key, but you might be able to merge per post 478 on that page.
File extensions are arbitrary, but in general a .cer is a certificate, and a .key is a private key for a certificate.

If the CSR for the certificate was generated with keytool from the keystore, the private key is already in the keystore.

This explains in more detail https://www.digicert.com/csr-creation-java.htm 

If you are trying to import a certificate and key into an existing keystore, then usually one would use openssl to create a pkcs12 certificate (which combines the certificate and the key), and then import the pkcs12 certificate.

This explains in more detail https://coderwall.com/p/3t4xka/import-private-key-and-certificate-into-java-keystore
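
The two import paths discussed in this thread, side by side, as an added example that is not part of any post here: importing only the .cer with `keytool -importcert`, and bundling key plus certificate into PKCS12 with openssl before `keytool -importkeystore`. The file names, the alias `demo`, the subject and the password are constructed for the demonstration; it assumes `openssl` and a JDK `keytool` are on the PATH.

```shell
#!/bin/sh
# Added example: throwaway key, certificate, alias and password are constructed.
PASS=changeit   # demo password only, never reuse for a real keystore

# Create a throwaway RSA key and self-signed certificate in directory $1
# (stand-ins for a real server.key / server.cer pair).
make_demo_pair() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=demo.example" \
        -keyout "$1/server.key" -out "$1/server.cer" 2>/dev/null
}

# Path 1: -importcert with only the .cer. No private key is supplied and the
# alias does not already hold one, so the entry is stored as trustedCertEntry.
import_cert_only() {
    keytool -importcert -noprompt -alias demo -file "$1/server.cer" \
        -keystore "$1/certonly.keystore" -storepass "$PASS" >/dev/null 2>&1
}

# Path 2: combine key and certificate into PKCS12, then import that keystore.
# The private key travels with the certificate, giving a PrivateKeyEntry.
import_key_and_cert() {
    openssl pkcs12 -export -name demo -inkey "$1/server.key" -in "$1/server.cer" \
        -out "$1/bundle.p12" -passout "pass:$PASS"
    keytool -importkeystore -noprompt \
        -srckeystore "$1/bundle.p12" -srcstoretype PKCS12 -srcstorepass "$PASS" \
        -destkeystore "$1/withkey.keystore" -deststorepass "$PASS" >/dev/null 2>&1
}

# Print the entry type keytool reports for alias "demo" in keystore file $1.
entry_type() {
    keytool -list -alias demo -keystore "$1" -storepass "$PASS" 2>/dev/null |
        grep -o -e PrivateKeyEntry -e trustedCertEntry
}

# Run "sh thisfile demo" to execute both imports in a temporary directory.
if [ "${1:-}" = "demo" ]; then
    d=$(mktemp -d) && make_demo_pair "$d" && import_cert_only "$d" && import_key_and_cert "$d"
    echo "importcert only:       $(entry_type "$d/certonly.keystore")"
    echo "pkcs12 + importkeystore: $(entry_type "$d/withkey.keystore")"
    rm -rf "$d"
fi
```

The same certificate ends up as a different entry type depending on whether a private key accompanies it, so the type is a property of what the keystore holds for that alias, not of the .cer file.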
ASKER CERTIFIED SOLUTION
Hans Liem