Java Keytool
SSL for Tomcat/JBoss/WebLogic using a Java keystore.
List keys in the keystore
keytool -list -keystore ssl.keystore
Import a certificate into the keystore
keytool -import -keystore ssl.keystore -file cert.cer
Delete a certificate from a keystore
keytool -delete -alias <alias looked up from -list> -keystore ssl.keystore
Change keystore cert alias from 1 to tomcat
keytool -changealias -alias 1 -destalias tomcat -keystore <pathto>/cacerts
Change keystore's password
keytool -storepasswd -new new_storepass -keystore keystore.jks
Change private key's password for alias duke
keytool -keypasswd -alias duke -keypass dukekeypasswd -new newpass
Generating a keystore using openssl
openssl pkcs12 -export -chain -CAfile ca.crt -in cert.crt -inkey cert.key -out keystore.tomcat -name 1 -passout pass:mypass
Note that creating ca.crt is tricky. If you just copy the intermediate CA bundle provided by your issuer, you will get this error:
Error unable to get issuer certificate getting chain.
To create a ca.crt that works with this command, you need the universal root CA certificate of your issuer. Create it using:
cat UnivRootCA.crt > ca.crt
cat IntermediateCABundle.crt >> ca.crt
Note that order matters too: the universal root CA has to be on top!
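
The shell functions below are an added example, not part of the original page: they check that the private key matches the certificate and that ca.crt (root first, then the intermediate bundle) completes the chain before running the openssl pkcs12 -export -chain command shown above. The function names, the KS_PASS environment variable (read with -passout env: in place of pass:mypass) and the throwaway certificates built by make_demo_pki are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: pre-flight checks before "openssl pkcs12 -export -chain".
# Function names, KS_PASS and the demo file names are assumptions.

# build_ca_file ROOT INTERMEDIATES OUT: root first, then the intermediate bundle.
build_ca_file() { cat "$1" "$2" > "$3"; }

# key_matches_cert CERT KEY: succeed only if both hold the same public key.
key_matches_cert() {
    c=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) || return 1
    k=$(openssl pkey -in "$2" -pubout 2>/dev/null) || return 1
    [ -n "$c" ] && [ "$c" = "$k" ]
}

# chain_is_complete CAFILE CERT: succeed only if CERT verifies up to a root.
chain_is_complete() { openssl verify -CAfile "$1" "$2" >/dev/null 2>&1; }

# export_keystore CAFILE CERT KEY OUT ALIAS: password comes from exported $KS_PASS,
# so it does not appear in the process list the way pass:mypass does.
export_keystore() {
    key_matches_cert "$2" "$3" || { echo "key does not match $2" >&2; return 2; }
    chain_is_complete "$1" "$2" || { echo "chain incomplete in $1" >&2; return 3; }
    openssl pkcs12 -export -chain -CAfile "$1" -in "$2" -inkey "$3" \
        -out "$4" -name "$5" -passout env:KS_PASS
}

# keystore_cert_count P12: number of certificates stored in the keystore.
keystore_cert_count() {
    openssl pkcs12 -in "$1" -nokeys -passin env:KS_PASS 2>/dev/null |
        grep -c 'BEGIN CERTIFICATE'
}

# make_demo_pki DIR: constructed throwaway root, intermediate and leaf (test data).
make_demo_pki() (
    cd "$1" || exit 1
    printf 'basicConstraints=critical,CA:TRUE\n' > ca.ext
    mk() { n=$1; cn=$2; shift 2
        openssl req -new -newkey rsa:2048 -nodes -keyout "$n.key" \
            -out "$n.csr" -subj "/CN=$cn" 2>/dev/null &&
        openssl x509 -req -in "$n.csr" -days 2 -out "$n.crt" "$@" 2>/dev/null; }
    mk root 'Constructed Root' -signkey root.key -extfile ca.ext &&
    mk int 'Constructed Intermediate' -CA root.crt -CAkey root.key \
        -CAcreateserial -extfile ca.ext &&
    mk leaf 'constructed.example' -CA int.crt -CAkey int.key -CAcreateserial
)
```

With real files, export KS_PASS and call export_keystore ca.crt cert.crt cert.key keystore.tomcat 1; a return code of 3 corresponds to the "unable to get issuer certificate" case described above.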