Last updated: 14/01/2016
This article assumes you've received your certificate from the Certificate Authority, and that you wish to install it on your Java-based web server. If you want to know how to request an SSL certificate, please consult the « How to generate an SSL certificate request with keytool » article.
Depending on the Certificate Authority you ordered your certificate from, you may receive the certificates either as distinct files, all bundled in one file, or your certificate in one file and all CA certificates in a bundle.
Import all certificates you received from your CA to your keystore, starting with the root certificate. Execute the following command from the directory where your keystore file is located to import the CA root certificate:
keytool -import -trustcacerts -alias ca_root -file ca_root.crt -keystore www_server_com.jks
Next, import the intermediate certificate to your keystore:
keytool -import -trustcacerts -alias intermediate1 -file intermediate1.crt -keystore www_server_com.jks
If you received more than one intermediate certificate, repeat the step above, replacing the -alias and the -file parameter with the correct ones.
Finally, import your own SSL certificate to the keystore:
keytool -import -trustcacerts -alias www_server_com -file www_server_com.crt -keystore www_server_com.jks
Your Java keystore is now primed with all necessary certificates. However, you still need to configure your web server to use your SSL certificate. Please consult the appropriate article for your web server to do this.
If you received a .p7b certificate file from the Certificate Authority, there's only one command to execute, since the PKCS#7 file format contains a chain of root, intermediate and domain certificates in a single file.
keytool -import -trustcacerts -alias www_server_com -file www_server_com.p7b -keystore www_server_com.jks
Next, configure your Java web server to use your newly imported SSL certificate.