Tags for this FAQ item:
Java Keytool

To what extent has this article answered your question?

Rated 3 stars, based on 4 votes

Keytool - Install SSL Certificate

Last updated: 14/01/2016

This article assumes you've received your certificate from the Certificate Authority, and that you wish to install it on your Java-based web server. If you want to know how to request an SSL certificate, please consult the « How to generate an SSL certificate request with keytool » article.

Depending on the Certificate Authority you ordered your certificate from, you may receive the certificates either as distinct files, all bundled in one file, or your certificate in one file and all CA certificates in a bundle.

Import all certificates you received from your CA to your keystore, starting with the root certificate. Execute the following command from the directory where your keystore file is located to import the CA root certificate:

keytool -import -trustcacerts -alias ca_root -file ca_root.crt -keystore www_server_com.jks

Next, import the intermediate certificate to your keystore:

keytool -import -trustcacerts -alias intermediate1 -file intermediate1.crt -keystore www_server_com.jks

If you received more than one intermediate certificate, repeat the step above, replacing the -alias and the -file parameter with the correct ones.

Finally, import your own SSL certificate to the keystore:

keytool -import -trustcacerts -alias www_server_com -file www_server_com.crt -keystore www_server_com.jks

Your Java keystore is now primed with all necessary certificates. However, you still need to configure your web server to use your SSL certificate. Please consult the appropriate article for your web server to do this.

If you received a .p7b certificate file from the Certificate Authority, there's only one command to execute, since the PKCS#7 file format contains a chain of root, intermediate and domain certificates in a single file.

keytool -import -trustcacerts -alias www_server_com -file www_server_com.p7b -keystore www_server_com.jks

Next, configure your Java web server to use your newly imported SSL certificate.