There are plenty of resources out there about this topic, but none I found which covers this slightly special case.
I have 4 files;
- privatekey.pem
- certificate.pem
- intermediate_rapidssl.pem
- ca_geotrust_global.pem
And I wish to import them into a fresh keystore.
Some site suggest to use DER-format, and import them one by one, but this failed because the key is not recognized.
Another site suggested a special "ImportKey"-class to run for import, and this worked until I saw that the chain is broken. I.e. the chain length on the certificate is 1, ignoring the intermediate and ca.
Some sites suggest PKCS7, but I can't even get a chain from that. Other suggest PKCS12 format, but as far as my tests go that failed as well for getting the whole chain.
Any advice or hints are much welcome.
Best Answer
This may not be perfect, but I had some notes on my use of
keytool
that I've modified for your scenario.Import a root or intermediate CA certificate to an existing Java keystore:
Combine the certificate and private key into one file before importing.
This should result in a file resembling the below format.
Import a signed primary certificate & key to an existing Java keystore: