
How to create a keystore

assimbly edited this page Feb 22, 2019 · 5 revisions

Download certificates

When the certificate has not been provided to you, you need to download it from the server. The easiest way is to download certificates with a browser: click on the lock next to the HTTPS URL. If the certificate is for another protocol, for example an FTPS site, then you can sometimes download the certificate from the same domain by changing FTPS://url to HTTPS://url. To really be sure, you can use the OpenSSL command-line tool (available on most Linux systems). OpenSSL for Windows can be downloaded from this website:

https://indy.fulgan.com/SSL/

Example command:

openssl s_client -servername example.com -connect example.com:443 </dev/null 2>/dev/null | openssl x509 -text

Create Keystore (Truststore)

Below is an example of how to create a keystore and import a certificate with KeyStore Explorer (GUI) or keytool (command line). The keytool tool is distributed with the JDK and can be found in its bin directory.

Part 1: Create keystore (jks file)

A) GUI

The easiest way is to create a keystore with the help of KeyStore Explorer. This tool can be downloaded here:

https://keystore-explorer.org/downloads.html

B) Command line

Here is an example of creating a keystore from the command line:

C:\Program Files\Java\jdk1.8.0_144\bin>keytool -keystore clientkeystore -genkey -alias client

Enter keystore password:

Re-enter new password:

What is your first and last name?

[Unknown]: john doe

What is the name of your organizational unit?

[Unknown]: gateway

What is the name of your organization?

[Unknown]: assimbly

What is the name of your City or Locality?

[Unknown]: amsterdam

What is the name of your State or Province?

[Unknown]: amsterdam

What is the two-letter country code for this unit?

[Unknown]: nl

Is CN=john doe, OU=gateway, O=assimbly, L=amsterdam, ST=amsterdam, C=nl correct?

[no]: yes

Enter key password for <client>

    (RETURN if same as keystore password):

Save your keystore password in your favorite password manager!

Part 2: Import the certificate

A) GUI

To import certificates with the GUI, open the created keystore and import the certificates into it.

B) Command line

C:\Program Files\Java\jdk1.8.0_144\bin>keytool -import -alias client2 -file "C:\Users\user\certificate2.crt" -keystore clientkeystore

Enter keystore password:

Owner: [email protected], OU=gateway, O=assimbly, L=amsterdam, ST=amsterdam, C=NL, CN=localhost

Issuer: [email protected], OU=gateway, O=assimbly, L=amsterdam, ST=amsterdam, C=NL, CN=localhost

Serial number: db5b315

Valid from: Tue Oct 09 17:50:29 CEST 2018 until: Wed Oct 09 17:50:29 CEST 2019

Certificate fingerprints:

MD5: C6:0B:2E:CD:55:5A:61:04:1D:B5:8F:23:57:63:DC:AD

SHA1: 87:C5:1D:33:CB:9A:77:FD:7B:12:ED:20:63:1A:EE:0B:C2:9F:CD:F7

SHA256: 7C:7D:0D:78:A8:E4:0E:3E:7A:30:7B:08:B4:4E:68:08:ED:4D:99:FE:0F:C6:79:33:DA:2D:59:42:57:D7:DF:E9

Signature algorithm name: SHA256withRSA

Version: 3

Trust this certificate? [no]: yes

Certificate was added to keystore
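
The download and import steps above done non-interactively, as an added example that is not part of the original wiki: it compares the downloaded certificate's SHA-256 fingerprint with a value obtained out of band before importing, in place of answering yes at the trust prompt. The function names, the argument order and the script name in the usage comment are assumptions of this example.

```shell
#!/bin/sh
# Added example: fetch a server certificate, check its SHA-256 fingerprint
# against a pinned value, and import it into the keystore only on a match.
# Usage (hypothetical script name):
#   ./pin-import.sh example.com 443 "<expected SHA-256 fingerprint>" clientkeystore client2

# Reduce any fingerprint spelling to bare upper-case hex so that
# "sha256 Fingerprint=ab:cd", "AB:CD" and "abcd" compare equal.
normalize_fp() {
    printf '%s' "$1" | sed 's/^.*=//' | tr -d ': \n' | tr 'abcdef' 'ABCDEF'
}

# Succeed only if the pin is a complete SHA-256 fingerprint (64 hex digits)
# and identical to the observed one; an empty or truncated pin never matches.
fp_matches() {
    want=$(normalize_fp "$1")
    got=$(normalize_fp "$2")
    case "$want" in *[!0-9A-F]*|'') return 1 ;; esac
    [ "${#want}" -eq 64 ] && [ "$want" = "$got" ]
}

# Download the certificate the server presents and store it as PEM.
fetch_cert() {  # host port outfile
    openssl s_client -servername "$1" -connect "$1:$2" </dev/null 2>/dev/null |
        openssl x509 -outform PEM >"$3"
}

main() {  # host port expected_fp keystore alias
    pem=$(mktemp) || return 1
    trap 'rm -f "$pem"' EXIT
    fetch_cert "$1" "$2" "$pem" || { echo "could not fetch certificate" >&2; return 1; }
    actual=$(openssl x509 -in "$pem" -noout -fingerprint -sha256)
    if ! fp_matches "$3" "$actual"; then
        echo "fingerprint mismatch, not importing: $actual" >&2
        return 1
    fi
    # keytool still prompts for the keystore password; -noprompt only skips
    # the "Trust this certificate?" question, which the check above replaces.
    keytool -import -noprompt -alias "$5" -file "$pem" -keystore "$4"
}

# Run only when called with all five arguments.
if [ "$#" -eq 5 ]; then main "$@"; fi
```

The expected fingerprint should come from the server's administrator or another trusted channel, not from the same connection that delivered the certificate.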
