Keytool - Install SSL Certificate

Last updated on 06 Sep 2023, 13:18:32.
Category: All about SSL certificates

Java Keytool

Keytool - SSL certificate installation

This article assumes you've received your certificate from the Certificate Authority, and that you wish to install it on your Java-based web server. If you want to know how to request an SSL certificate, please consult the « How to generate an SSL certificate request with keytool » article.

Depending on the Certificate Authority you ordered your certificate from, you may receive the certificates either as distinct files, all bundled in one file, or your certificate in one file and all CA certificates in a bundle.

Importing separate root, intermediate and domain certificates

Import all certificates you received from your CA to your keystore, starting with the root certificate. Execute the following command from the directory where your keystore file is located to import the CA root certificate:

keytool -import -trustcacerts -alias ca_root -file ca_root.crt -keystore www_server_com.jks

Next, import the intermediate certificate to your keystore:

keytool -import -trustcacerts -alias intermediate1 -file intermediate1.crt -keystore www_server_com.jks

If you received more than one intermediate certificate, repeat the step above, replacing the -alias and the -file parameter with the correct ones.

Finally, import your own SSL certificate to the keystore:

keytool -import -trustcacerts -alias www_server_com -file www_server_com.crt -keystore www_server_com.jks

Your Java keystore is now primed with all necessary certificates. However, you still need to configure your web server to use your SSL certificate. Please consult the appropriate article for your web server to do this.

Import a certificate bundle

If you received a .p7b certificate file from the Certificate Authority, there's only one command to execute, since the PKCS#7 file format contains a chain of root, intermediate and domain certificates in a single file.

keytool -import -trustcacerts -alias www_server_com -file www_server_com.p7b -keystore www_server_com.jks

Next, configure your Java web server to use your newly imported SSL certificate.

Related articles

Apache - Disable SSL 2.0, SSL 3.0 and opt fore a modern safe SSL config

This article shows you how to disable the SSL 2.0, SSL 3.0 and older TLS version protocols on your Apache...

Read more

Kinamo mail server settings (mail server cheat sheet)

The following article provides the basic settings and server names (domain names) for the Kinamo mail infrastructure. These settings allow...

Read more

Create an automatic SPAM filter in the Kinamo Webmail

This article explains how you may create a filter that will automatically place SPAM messages in a special folder, so...

Read more

Need extra help?

Were not all your questions answered?
Don't worry, we will be happy to help you via a support request!

Select your language

All languages: