Mister PKI

All things PKI, HTTPS, SSL, TLS, Digital Certificates

by Leave a Comment

What is Java keytool?

The Java keytool is a command-line utility used to manage keystores in different formats containing keys and certificates. You can use the java keytool to import a keystore into another keystore. In many respects, the java keytool is a competing utility with openssl for keystore, key, and certificate management.

Use cases to import a keystore into another keystore.

If you want to consolidate keystores or add a newly generated keystore to an existing keystore, this command will do that for you. This command will also allow you to add a subset of keystore entries and not the entire keystore if desired. Use -srcalias for this functionality. You may also want to convert or import a different store type into another keystore, such as a .JKS into a .P12.

What keytool command do I use to import a keystore into another keystore?

Use this command to import a keystore into another keystore using the java keytool. The result will be an updated keystore with all entries including keys and certificates from the other keystore.

keytool -importkeystore \
-srckeystore example2.p12 \
-destkeystore example.p12 \
-srcstoretype PKCS12 \
-deststoretype PKCS12 \
-srcstorepass changeit \
-deststorepass changeit \
-v

Java keytool options:

-srckeystore – The filename of the keystore to be imported from.

-destkeystore – The filename of the keystore to be imported to.

-srcstorepass – The current keystore password of the source keystore. We recommend leaving this option off and letting keytool prompt you instead of writing your password in plain text here.

-deststorepass – The current keystore password of the destination keystore. We recommend leaving this option off and letting keytool prompt you instead of writing your password in plain text here.

-srcstoretype – Recommended keystore types include PKCS12 and JKS. In this case, the keystore was of type PKCS12.

-deststoretype – Recommended keystore types include PKCS12 and JKS. In this case, the keystore was of type PKCS12.

-v – Verbose output.

import keystore
keytool -importkeystore

Here are the official keytool docs to dive further into how to import a keystore into another keystore. https://docs.oracle.com/javase/10/tools/keytool.htm#GUID-5990A2E4-78E3-47B7-AE75-6D1826259549__IMPORTCONTENTSFROMANOTHERKEYSTORE-507D4101

Read all of our blog content.

Reader Interactions

Leave a Reply

Your email address will not be published. Required fields are marked *