FreeKB - Java keytool command - Import a certificate
Java keytool command - Import a certificate

Home > Search

If you are not familiar with the Java keytool command, check out our Getting Started article.

The -import option can be used to import a certificate in a .cer, .crt, or .pem file into a keystore. In this example, the *.example.com certificate in the example.com.crt file is imported into keystore.jks. I always place double quotes around the values, particuarly the alias, to account for values that have spaces or special characters, such as the * character.

keytool -import -file "/path/to/example.com.crt" -alias "*.example.com" -keystore "/path/to/keystore" -storepass "keystore_password"

 

If the keystore is a pkcs12 / p12 file, include the following option.

-storetype pkcs12

 

If the file being imported includes the certificate of the certificate authority (ca), the following option can be used to trust the CA.

-trustcacerts

 

The -importkeystore option can be used to import a certificate in a .p12 file into a keystore. In this example, the *.example.com certificate in the keystore1.p12 file is imported into keystore2.p12. 

keytool -importkeystore -srckeystore "/path/to/keystore1.p12" -srcstoretype pkcs12 -srcalias "*.example.com" -srcstorepass "keystore_password" -destkeystore "/path/to/keystore2.p12" -deststoretype pkcs12 -deststorepass "keystore_password" -destalias "*.example.com"

 

If the desitnation keystore already contains a certificate with the same alias as being imported, the following will be displayed.

Existing entry alias *.example.com exists, overwrite? [no]:

 

echo yes can be used to pass the text "yes" onto the import so that the certificate is imported into the destination keystore.

echo yes | keytool -importkeystore -srckeystore "/path/to/keystore1.p12" -srcstoretype pkcs12 -srcalias "*.example.com" -srcstorepass "keystore_password" -destkeystore "/path/to/keystore2.p12" -deststoretype pkcs12 -deststorepass "keystore_password" -destalias "*.example.com"

 



Add a Comment




We will never share your name or email with anyone. Enter your email if you would like to be notified when we respond to your comment.




Please enter dd3d1 in the box below so that we can be sure you are a human.




Comments