Import the CA Certificate into your Keystore
This procedure uses the Java keytool utility to import a CA-signed certificate into an existing keystore.
Before you begin
- You need a certificate for your server signed by a Certificate Authority.
- You need the trusted root CA certificate for the Certificate Authority.
- You need to know the keystore name, password, and alias you used when you created the keystore.
To import the CA certificate and the CA-signed server certificate into your Java keystore
- Use the -importcert option to add the root CA certificate (CAcert.cer in this example) to the Java keystore that you generated when you created your private key (newkeystore.jks in this example). Use a new alias (cacert in this example); if the alias does not point to a key entry, keytool assumes you are adding a trusted certificate entry. For example:
keytool -importcert -alias cacert -file CAcert.cer -keystore newkeystore.jks
Note: Some CAs issue an intermediate certificate along with the main certificate. If this is true for your CA, import each of these certificates into your keystore under its own unique alias.
- Use the -importcert option to add the server certificate you received from the CA (certnew.cer in this example) to your keystore. Use the alias you provided when you generated the keys; if the alias points to a key entry, keytool assumes you are importing a certificate reply. For example:
keytool -importcert -alias webedition -file certnew.cer -keystore newkeystore.jks
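After both imports, the output of keytool -list -v shows whether the certificate reply was attached to the key entry or was added as a separate trusted certificate because the alias did not match. The check below is an added example, not part of the original procedure; both sample listings are constructed, and the alias server in the second one is a hypothetical mistyped alias.

```shell
#!/bin/sh
# Added example. Reads `keytool -list -v` output on stdin.
# $1 = alias of the key entry, $2 = alias of the root CA certificate.
check_import() {
    awk -v key="$1" -v ca="$2" '
        { sub(/\r$/, "") }                      # tolerate CRLF output
        /^Alias name: /               { alias = substr($0, 13) }
        /^Entry type: /               { type[alias] = substr($0, 13) }
        /^Certificate chain length: / { chain[alias] = $4 + 0 }
        END {
            if (type[key] != "PrivateKeyEntry") {
                print "FAIL: " key " is not a key entry"; bad++
            } else if (chain[key] < 2) {
                # Only one certificate on the key entry: the reply was not
                # installed there (typically the self-signed one remains).
                print "FAIL: " key " has chain length " chain[key]; bad++
            }
            if (type[ca] != "trustedCertEntry") {
                print "FAIL: " ca " is not a trusted certificate entry"; bad++
            }
            if (!bad) print "OK: " key " chain length " chain[key] ", " ca " trusted"
            exit (bad > 0)
        }'
}

# Constructed listing: reply imported under the key alias (correct).
sample_good() { cat <<'EOF'
Alias name: cacert
Entry type: trustedCertEntry

Alias name: webedition
Entry type: PrivateKeyEntry
Certificate chain length: 2
EOF
}

# Constructed listing: reply imported under a different alias (hypothetical
# "server"), so keytool stored it as a trusted certificate instead.
sample_bad() { cat <<'EOF'
Alias name: cacert
Entry type: trustedCertEntry

Alias name: server
Entry type: trustedCertEntry

Alias name: webedition
Entry type: PrivateKeyEntry
Certificate chain length: 1
EOF
}

# Real keystore: keytool -list -v -keystore newkeystore.jks | check_import webedition cacert
sample_good | check_import webedition cacert
sample_bad  | check_import webedition cacert || true
```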