I used the following two steps which I found in the comments/posts linked in the other answers:

Step one: Convert the x.509 cert and key to a pkcs12 file

    openssl pkcs12 -export -in server.crt -inkey server.key \
        -out server.p12

Note: Make sure you put a password on the pkcs12 file - otherwise you'll get a null pointer exception when you try to import it.

Note 2: You might want to add the -chain option to preserve the full certificate chain.

Step two: Convert the pkcs12 file to a Java keystore

    keytool -importkeystore \
        -deststorepass <keystore-password> -destkeypass <key-password> -destkeystore server.keystore \
        -srckeystore server.p12 -srcstoretype PKCS12 -srcstorepass some-password

OPTIONAL Step zero: Create self-signed certificate

    openssl genrsa -out server.key 2048
    openssl req -new -out server.csr -key server.key
    openssl x509 -req -days 365 -in server.csr -signkey server.key -out server.crt

FAQ: I get error IOException: keystore password was incorrect

If you are using OpenSSL 3.0 and a JDK newer than Java8u302 and get the following error:

    keytool error: java.io.IOException: keystore password was incorrect

You might be caught in a change of default cipher within OpenSSL. This Stack Overflow Answer provides an answer. Maybe thank Thomas with an upvote.

Assuming you've created your certificates and private keys with Let's Encrypt in /etc/letsencrypt/live/you.com:

1. Create a PKCS #12 file

    openssl pkcs12 -export -in fullchain.pem -inkey privkey.pem -out pkcs.p12

This combines your SSL certificate fullchain.pem and your private key privkey.pem into a single file, pkcs.p12. You'll be prompted for a password for pkcs.p12. The export option specifies that a PKCS #12 file will be created rather than parsed (according to the manual).

2. Create the Java keystore

    keytool -importkeystore -destkeystore keystore.jks -srckeystore pkcs.p12

If keystore.jks doesn't exist, it will be created containing the pkcs.12 from the previous step. Otherwise, you'll import pkcs.12 into the existing keystore.

These instructions are derived from the blog post "Create a Java Keystore (.JKS) from Let's Encrypt Certificates" by Maximilian Böhm. Here's more on the different kinds of files in /etc/letsencrypt/live/you.com/.

    # 1) $KEY : Secret key in PEM format ("-BEGIN RSA PRIVATE KEY-")
    # 2) $LEAFCERT : Certificate for secret key obtained from some
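A check that fits between creating the PKCS #12 file and importing it with keytool, as an added example that is not part of the original answers: it builds the bundle with the password taken from an environment variable instead of the command line, then confirms that the bundle opens and that its certificate and private key match the PEM inputs. The function names, the `P12_PASS` variable, the alias and the throwaway self-signed certificate are assumptions constructed for the demo.

```shell
#!/bin/sh
# Added example, not from the original answers. Function names, P12_PASS,
# the alias and the demo certificate are assumptions.
set -eu

# Build the bundle. The password is read from the exported P12_PASS variable
# (env:), so it does not appear in the process argument list or shell history.
make_p12() {  # usage: make_p12 cert.pem key.pem out.p12 alias
  ( umask 077
    openssl pkcs12 -export -in "$1" -inkey "$2" -out "$3" \
      -name "$4" -passout env:P12_PASS )
}

# SHA-256 fingerprint of the first certificate in a PEM file.
pem_fingerprint() {
  openssl x509 -in "$1" -noout -fingerprint -sha256
}

# SHA-256 fingerprint of the leaf certificate stored inside the bundle.
p12_fingerprint() {
  openssl pkcs12 -in "$1" -passin env:P12_PASS -nokeys -clcerts 2>/dev/null |
    openssl x509 -noout -fingerprint -sha256 2>/dev/null
}

# Public key derived from the private key stored inside the bundle.
p12_key_pub() {
  openssl pkcs12 -in "$1" -passin env:P12_PASS -nocerts -nodes 2>/dev/null |
    openssl pkey -pubout 2>/dev/null
}

# Succeeds only if the bundle opens with P12_PASS, holds the expected leaf
# certificate, and its private key belongs to that certificate.
p12_matches() {  # usage: p12_matches cert.pem bundle.p12
  fp=$(pem_fingerprint "$1") || return 1
  pub=$(openssl x509 -in "$1" -noout -pubkey) || return 1
  [ "$fp" = "$(p12_fingerprint "$2")" ] && [ "$pub" = "$(p12_key_pub "$2")" ]
}

# Demo on a throwaway self-signed certificate (constructed test material).
work=$(mktemp -d)
export P12_PASS='constructed-demo-password'
openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj '/CN=demo.invalid' \
  -keyout "$work/server.key" -out "$work/server.crt" 2>/dev/null
make_p12 "$work/server.crt" "$work/server.key" "$work/server.p12" demo-alias
p12_matches "$work/server.crt" "$work/server.p12" && echo "bundle verified"
```

When the password options are left off the keytool command, keytool prompts for the store passwords interactively, which keeps them out of the argument list on that side as well.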