• Skip to primary navigation
  • Skip to main content
  • Skip to footer

Mister PKI

All things PKI, HTTPS, SSL, TLS, Digital Certificates

  • Home
  • Blog

keytool import certificate How to import a cert into a keystore

January 23, 2020 by Mister PKI Leave a Comment

What is Java keytool?

The Java keytool is a command-line utility used to manage keystores in different formats containing keys and certificates. You can use the java keytool to import a certificate into a keystore. In many respects, the java keytool is a competing utility with openssl for keystore, key, and certificate management.

Use cases to import a certificate into a keystore.

You may want to import certificates into a keystore for two reasons:

  1. If you are using the keystore as a trust store, to add the first or an additional cert for your application to trust.
  2. To add a certificate response as a result of a Certificate Signing Request (CSR) signed by a third party Certification Authority (CA). See how to create a CSR.

What keytool command do I use to import a certificate into a keystore?

Use this command to import a certificate into a keystore using the java keytool. The result will be an updated keystore with an entry containing the imported certificate with the provided alias. Note that if the -file option is not provided, the certificate will be imported from stdin.

keytool -importcert \
 -noprompt \
 -alias example-import \
 -file example.crt \
 -keystore example.p12 \
 -storepass changeit \
 -storetype PKCS12 \
 -v

Java keytool options:

-noprompt – Do not prompt.

-alias – The alias of the entry encapsulated in the keystore. The chosen value should enhance the readability of the keystore entries, especially when the keystore contains multiple entries.

-file – The file containing the X.509 certificate being imported.

-keystore – The filename of the keystore.

-storepass – The current keystore password. We recommend leaving this option off and letting keytool prompt you instead of writing your password in plain text here.

-storetype – Recommended keystore types include PKCS12 and JKS. In this case, the keystore was of type PKCS12.

-v – Verbose output.

keytool import certificate
keytool import certificate

Here are the official keytool docs to dive further into how to import a certificate into a keystore.

https://docs.oracle.com/javase/10/tools/keytool.htm#GUID-5990A2E4-78E3-47B7-AE75-6D1826259549__CREATEORADDDATATOTHEKEYSTORE-507D49D2

Read all of our blog content.

Uncategorized

Reader Interactions

Leave a Reply Cancel reply

Your email address will not be published. Required fields are marked *

Footer

  • Twitter
  • YouTube

Copyright © 2020 ยท Designed by North Flow Tech