Thursday, 3 December 2015

How to install a SSL certificate to java keystore file?

First, before buying a certificate you need to create a CSR (Certificate Signing Reqest) which is to be given for buying one. So for that you need to create a private key with in the server. This private key is not supposed to be shared to any one, but you need to create one before generating the CSR.

Follow the below steps.

Generating Keystore file

Run Command

keytool -genkey -alias keyalias -keyalg RSA -keysize 2048 -keystore domain.keystore

This will create a keystore named domain.keystore . You need to replace the domain name with yours. When asked for name and other details, you need to enter domain name for name. If its wild card certificate you need to enter *.domainname as name

Creating CSR

Run Command

keytool -certreq -keyalg RSA -alias keyalias -file csr.txt -keystore domain.keystore

This will create file named csr.txt which needs to shared to purchase the SSL certificate.

Once you got the SSL certificate purchased from the certificate provider follow the below steps.

Installing Root and Intermediate certicates

Most of the SSL providers will share root and intermediatory certificates along with the main certificate. You need to install it one by one starting from ROOT.

Run command

keytool -import -keystore domain.keystore -alias root -file

Here the file name is the roor file

For intermediate file run command

keytool -import -keystore domain.keystore -alias intrim -file intrimca.crt

Here the file name  intrimca.crt  is the intermediate file

For installing main certificate run the below command.

keytool -import -keystore domain.keystore -alias keyalias -trustcacerts -file domain.crt

Here the file name  domain.crt  is the main certificate file. Here the most important thing to note is, you need to use the same alias name used when  generating the keystore file in the first step. In the example its keyalias

Hope this information helps people who try to find how to install SSL to a keystore file.