If you already have a PKCS12 file that contains the certificate which you want to import and the private key belonging to it, then you can skip to step 2. These commands allow you to generate a new Java Keytool keystore file, create a CSR, and import certificates. Here are the commands used to create the keystore for Tomcat with a wildcard certificate. Get detailed instructions, check Comodo SSL technical FAQs. Therefore you have a self signed certificate in this case. You can check this with the command. But I digress. Combine the private key and the certificate into a PKCS12 keystore. How to import a .cer certificate into a java keystore? 1. The Most Common Java Keytool Keystore Commands. ... keytool command to import the ... your key pair. Here are the basic details from that post. A password is required The first step is to combine the private key and the certificate into a PKCS12 keystore which will be used in the second step. When creating a keystore with the Java keytool a keypair is generated and the certificate is signed with the private key itself. To import an openssl based generated private key and certificate into java keystore, follow the instructions below. keytool -list -v -keystore The first certificate shown should have the same Owner and Issuer. ... the private key. Below, we have listed the most common Java Keytool keystore commands and their usage: Java Keytool Commands for Creating and Importing. How to import an OpenSSL based generated private key and certificate into Java keystore? If you find the alias "foo", import the information into the keystore named "publicKey.store". For ages the keytool application shipped as part of Java could provide all the functionality to generate a private key and certificate sign request from a Java keystore, but the most basic function, importing a preexisting private key and certificate generated externally, remained overlooked. keytool doesn't provide a way to import certificate + private key from a single (combined) file, as proposed above. Self signed keystore can be easily created with keytool command. This import command can be read as: Read from the certfile file named certfile.cer. This is fixed in Java 6, at long last. Keytool in Java 6 does have this capability: Importing private keys into a Java keystore using keytool. Get detailed instructions, check Comodo SSL technical FAQs. In fact, jarsigner can take the argument -storetype pkcs12, meaning you don't need to keep your signing key in a JCE keystore at all. Import a signed primary certificate to an existing Java keystore. Look in that file for an alias named "foo". $ keytool -import -alias foo -file certfile.cer -keystore publicKey.store. You can check it by keytool -list -v -keystore yourkeystore.jks - yourdomain entry type is TrustedCertEntry, not PrivateKeyEntry. This topic describes how to convert PEM-format certificates to the standard Java KeyStore (JKS) format. Use the keytool command to generate a public and private key pair, and keystore file. Convert the existing cert to a PKCS12 using OpenSSL. The -storetype argument to keytool allows you to translate key material. Import New CA into Trusted Certs. Import Certificates from a p7b package into your Java Keystore. NOTE:If your certificate was provided within a p7b package, you do not need to import each certificate separately. Instead, use the procedure described in Import Certificates from a p7b package into your Java Keystore. How to import an OpenSSL based generated private key and certificate into Java keystore? It runs fine, but only certificate is imported, while private key is ignored.