asked on JRE keytool: how to import PrivateKeyEntry certificate?
I am trying to load some .cer files in to a java .keystore file, using the keytool command. For one of the .cer file, I am expecting to import it as a PrivateKeyEntry. However, the result of "keytool -list" command shows that all certificate are imported as trustedCertEntry.
In the "keytool -importcert" command I toggled off the -trustcacerts (idea from https://stackoverflow.com/questions/24974324/import-certificate-as-privatekeyentry ), but it didn't make a difference on the result for me.
Can you help me on clarifying these questions:
1. can "keytool -importcert" import PrivateKeyEntry into the .keystore file?
2. Is the type (PrivateKeyEntry/trustedCe
3. If decided by the way of importing, how to do that?
4. If by the .cer file itself, how to check which type it is?
Thank you!
In the "keytool -importcert" command I toggled off the -trustcacerts (idea from https://stackoverflow.com/questions/24974324/import-certificate-as-privatekeyentry ), but it didn't make a difference on the result for me.
Can you help me on clarifying these questions:
1. can "keytool -importcert" import PrivateKeyEntry into the .keystore file?
2. Is the type (PrivateKeyEntry/trustedCe
3. If decided by the way of importing, how to do that?
4. If by the .cer file itself, how to check which type it is?
Thank you!
* JreJava App ServersJavaSSL / HTTPSNetwork Security
Last Comment
Hans Liem
According to THIS, you can't import a separate private key, but you might be able to merge per post 478 on that page
File extensions are arbitary, but in general a .cer is a certificate, and a .key is a private key for a certificate
If the csr for the certificate was generated with keytool from the keystore, the private key is already in the keystore.
This explains in more detail https://www.digicert.com/csr-creation-java.htm
If you are trying to import a certificate and key into an existing keystore, then usualy one would use openssl to create a pks12 certificate (which combines the certificate and the key, and then importy the pks12 certificate
This explains in more detail https://coderwall.com/p/3t4xka/import-private-key-and-certificate-into-java-keystore
If the csr for the certificate was generated with keytool from the keystore, the private key is already in the keystore.
This explains in more detail https://www.digicert.com/csr-creation-java.htm
If you are trying to import a certificate and key into an existing keystore, then usualy one would use openssl to create a pks12 certificate (which combines the certificate and the key, and then importy the pks12 certificate
This explains in more detail https://coderwall.com/p/3t4xka/import-private-key-and-certificate-into-java-keystore
ASKER CERTIFIED SOLUTION
THIS SOLUTION ONLY AVAILABLE TO MEMBERS.
View this solution by signing up for a free trial.
Members can start a 7-Day free trial and enjoy unlimited access to the platform.