STEP 1: Frame the SSL Certificates in .pem format
Get the certificate's “Private Key”, “Public Certificate” and “Primary & Secondary Certificates”, then frame (concatenate) the certificates as shown below and save the result in .pem format.
Private Key = myprivatekey.pem
Public Certificate = mypublickey.cer
Primary & Secondary Certificates = Issuing.cer & Root.cer
Syntax:-
cat myprivatekey.pem mypublickey.cer Issuing.cer Root.cer > mycertificate.pem
After you frame the certificate, install it in the local stunnel server and check the chain using the tool "http://www.sslshopper.com/ssl-checker.html". You should be able to see the correct certificate chain.
STEP 2: Convert the .PEM certificate to .P12 certificate as shown below
Syntax:-
openssl pkcs12 -export -in mycertificate.pem -inkey myprivatekey.pem -name myaliasname -out mycertificate.p12
STEP 3: Convert the .P12 certificate to JKS format certificate as shown below.
Syntax:-
keytool -v -importkeystore -srckeystore mycertificate.p12 -srcstoretype pkcs12 -destkeystore mycertificate.jks -deststoretype jks
Enter the destination keystore (JKS) password and source keystore (.P12) password
STEP 4: Verify the JKS file using the command below and check the certificate details such as common name and expiry date.
Syntax:-
keytool -list -v -keystore mycertificate.jks
STEP 5: Import certificate in cacerts
Syntax:-
keytool -import -trustcacerts -file mypublickey.cer -alias myaliasname -keystore /etc/pki/java/cacerts
Note:-
* cacerts & keystore:- 'cacerts' is a truststore. A truststore is used to authenticate peers. A keystore is used to authenticate yourself.
* openssl:- the tool that handles cryptography, encryption and security tasks on Linux.
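A local pre-flight check for STEP 1, as an added example that is not part of the original procedure: it confirms that the private key belongs to the public certificate and that the certificate verifies through Issuing.cer to Root.cer before the .pem bundle is written. The function names and the make_sample_chain helper (which builds a constructed throwaway chain for trying the checks offline) are hypothetical; only openssl is assumed.

```shell
#!/bin/sh
# Added example: checks to run before framing mycertificate.pem (STEP 1).
# Assumes openssl is on PATH and the private key is not passphrase-protected.

# key_matches_cert KEY CERT: true when KEY and CERT carry the same public key.
key_matches_cert() {
    k=$(openssl pkey -in "$1" -pubout 2>/dev/null) || return 1
    c=$(openssl x509 -in "$2" -noout -pubkey 2>/dev/null) || return 1
    [ -n "$k" ] && [ "$k" = "$c" ]
}

# chain_verifies ROOT ISSUING LEAF: true when LEAF verifies with ISSUING
# supplied as the intermediate and ROOT supplied as a trusted CA file.
chain_verifies() {
    openssl verify -CAfile "$1" -untrusted "$2" "$3" >/dev/null 2>&1
}

# frame_pem KEY LEAF ISSUING ROOT OUT: run both checks, then concatenate in
# the order STEP 1 uses. OUT contains the private key, so a newly created
# file is made readable by its owner only (umask 077).
frame_pem() {
    key_matches_cert "$1" "$2" || { echo "key does not match $2" >&2; return 1; }
    chain_verifies "$4" "$3" "$2" || { echo "chain does not verify" >&2; return 1; }
    ( umask 077; cat "$1" "$2" "$3" "$4" > "$5" )
}

# make_sample_chain DIR: constructed sample data only. Creates a throwaway
# root, issuing CA and leaf in DIR, named like the files in STEP 1.
make_sample_chain() (
    cd "$1" &&
    printf '%s\n' '[req]' 'distinguished_name=dn' 'prompt=no' '[dn]' 'CN=sample' \
        '[v3_ca]' 'basicConstraints=critical,CA:TRUE' > sample.cnf &&
    openssl req -x509 -newkey rsa:2048 -nodes -config sample.cnf -extensions v3_ca \
        -subj '/CN=Sample Root' -days 2 -keyout root.key -out Root.cer &&
    openssl req -new -newkey rsa:2048 -nodes -config sample.cnf \
        -subj '/CN=Sample Issuing' -keyout issuing.key -out issuing.csr &&
    openssl x509 -req -in issuing.csr -CA Root.cer -CAkey root.key -CAcreateserial \
        -extfile sample.cnf -extensions v3_ca -days 2 -out Issuing.cer &&
    openssl req -new -newkey rsa:2048 -nodes -config sample.cnf \
        -subj '/CN=www.example.test' -keyout myprivatekey.pem -out leaf.csr &&
    openssl x509 -req -in leaf.csr -CA Issuing.cer -CAkey issuing.key -CAcreateserial \
        -days 2 -out mypublickey.cer
) >/dev/null 2>&1
```

With the real files in the current directory, run: frame_pem myprivatekey.pem mypublickey.cer Issuing.cer Root.cer mycertificate.pem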