Domino on Linux/Unix, Troubleshooting, Best Practices, Tips and more ...

Creating JSK for a Java based web server

Daniel Nashed  27 October 2019 23:27:38
This weekend I have been looking into setting up a Flexnet server, which is based on a Java process that needs a certificate.
The server uses the Java Key Store format (JKS) which isn't obvious to create form an existing certificate.

It's easier when you have an existing store. But for a server you usually need a new JKS file.


I found a quite straight forward but not obvious path.


This might be also interesting for other applications. That's why I am posting it here. Having that information would have saved me an hour of research.

-- Daniel



Convert PEM into P12


In many cases you have a PEM file with the key, leaf certificate, intermediate certs and the trusted root.

This can be converted to a pkcs12 (aka as p12) file. This format can be used by many web-servers. But like Domino needs it's own keyring format, Java needs the JKS format.


openssl pkcs12 -export -out lls.p12 -in lls.pem -password pass:mypassword



Import p12 into a new JKS


Once you created a p12, the Java keytool can convert the p12 into a JKS.
This step creates a new JKS file with all the information from the p12 file :-)

keytool -importkeystore -deststorepass mypassword -destkeystore lls.jks -srcstorepass mypassword -srckeystore lls.p12 -srcstoretype PKCS12


That's a quite straight forward way, which can be used to automate the process.

Show Certs


Once you have created the JKS, you can dump all information from the JKS file to check it's all included.

keytool -list -keystore lls.jks -storepass mypassword -v



Archives


  • [IBM Lotus Domino]
  • [Domino on Linux]
  • [Nash!Com]
  • [Daniel Nashed]