Keytool - Install SSL Certificate

Last updated on 06 Sep 2023, 13:18:32.
Category: All about SSL certificates

Java Keytool

Keytool - SSL certificate installation

This article assumes you've received your certificate from the Certificate Authority, and that you wish to install it on your Java-based web server. If you want to know how to request an SSL certificate, please consult the « How to generate an SSL certificate request with keytool » article.

Depending on the Certificate Authority you ordered your certificate from, you may receive the certificates either as distinct files, all bundled in one file, or your certificate in one file and all CA certificates in a bundle.

Importing separate root, intermediate and domain certificates

Import all certificates you received from your CA to your keystore, starting with the root certificate. Execute the following command from the directory where your keystore file is located to import the CA root certificate:

keytool -import -trustcacerts -alias ca_root -file ca_root.crt -keystore www_server_com.jks

Next, import the intermediate certificate to your keystore:

keytool -import -trustcacerts -alias intermediate1 -file intermediate1.crt -keystore www_server_com.jks

If you received more than one intermediate certificate, repeat the step above, replacing the -alias and the -file parameter with the correct ones.

Finally, import your own SSL certificate to the keystore:

keytool -import -trustcacerts -alias www_server_com -file www_server_com.crt -keystore www_server_com.jks

Your Java keystore is now primed with all necessary certificates. However, you still need to configure your web server to use your SSL certificate. Please consult the appropriate article for your web server to do this.

Import a certificate bundle

If you received a .p7b certificate file from the Certificate Authority, there's only one command to execute, since the PKCS#7 file format contains a chain of root, intermediate and domain certificates in a single file.

keytool -import -trustcacerts -alias www_server_com -file www_server_com.p7b -keystore www_server_com.jks

Next, configure your Java web server to use your newly imported SSL certificate.


Related articles

Order an SSL certificate? What is an SSL certificate?

You need to order an SSL certificate? But what is an SSL certificate? And why is everyone saying that it...

Read more

SHA1, SHA2 and SHA256 SSL algorithms

SHA is a mathematical algorithm used in SSL encryption to verify the validity of the certificate's signature. Different iterations of...

Read more

Why do I see a yellow warning triangle on an HTTPS secured website?

The yellow warning triangle you may see when visiting a webpage that's secured with SSL, is an indication that Google...

Read more

Need extra help?

Were not all your questions answered?
Don't worry, we will be happy to help you via a support request!

Select your language

All languages: