Domino on Linux/Unix, Troubleshooting, Best Practices, Tips and more ...


Daniel Nashed

Creating JSK for a Java based web server

Daniel Nashed – 27 October 2019 22:27:38
This weekend I have been looking into setting up a Flexnet server, which is based on a Java process that needs a certificate.
The server uses the Java Key Store format (JKS) which isn't obvious to create form an existing certificate.

It's easier when you have an existing store. But for a server you usually need a new JKS file.

I found a quite straight forward but not obvious path.

This might be also interesting for other applications. That's why I am posting it here. Having that information would have saved me an hour of research.

-- Daniel

Convert PEM into P12

In many cases you have a PEM file with the key, leaf certificate, intermediate certs and the trusted root.

This can be converted to a pkcs12 (aka as p12) file. This format can be used by many web-servers. But like Domino needs it's own keyring format, Java needs the JKS format.

openssl pkcs12 -export -out lls.p12 -in lls.pem -password pass:mypassword

Import p12 into a new JKS

Once you created a p12, the Java keytool can convert the p12 into a JKS.
This step creates a new JKS file with all the information from the p12 file :-)

keytool -importkeystore -deststorepass mypassword -destkeystore lls.jks -srcstorepass mypassword -srckeystore lls.p12 -srcstoretype PKCS12

That's a quite straight forward way, which can be used to automate the process.

Show Certs

Once you have created the JKS, you can dump all information from the JKS file to check it's all included.

keytool -list -keystore lls.jks -storepass mypassword -v



    • [HCL Domino]
    • [Domino on Linux]
    • [Nash!Com]
    • [Daniel Nashed]