Java ships with the keytool command, which covers its SSL certificate management comprehensively, including extracting entries from and bundling them into a Java keystore/truststore or other SSL keystore types such as PKCS12.

When building a Java application, you can use a Key Store to store the private key and a Trust Store to store certificates from trusted Certificate Authorities (CAs).

Key Store or Trust Store

The naming convention confuses a lot of people, including myself, but both are essentially of the same Java KeyStore (JKS) type. Think of it as a key repository: a Java app typically owns both stores to separate public and private keys. We can also bundle public and private keys together and store them in a single KeyStore. You can tell which method is being used by checking whether the KeyStore and TrustStore point to the same JKS location.

Keytool

Keytool is a tool that manages keystores, and it does other things such as creating a CSR, self-signing a certificate, key cryptography, etc. We can bundle a public key and private key pair into PKCS12 format using the openssl command below; take note of the password when prompted.

openssl pkcs12 -export -name your.domain.com -in selfsigned.crt -inkey private.key -out store.p12

To import the PKCS12 file generated by the command above, we can execute the command below.

keytool -importkeystore -srckeystore store.p12 -srcstoretype PKCS12 -destkeystore my-keystore
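
To see what a store such as my-keystore actually holds, the added example below (not part of the original post) loads it through the java.security.KeyStore API and reports whether each alias is a key entry or a trusted certificate, which is what separates the key store role from the trust store role. The class name StoreAudit and the STORE_PASSWORD environment variable are assumptions made for this example, and it needs Java 9 or later.

```java
import java.io.Console;
import java.io.File;
import java.security.KeyStore;
import java.security.cert.Certificate;
import java.security.cert.X509Certificate;
import java.util.Collections;

// Added example: StoreAudit and STORE_PASSWORD are names assumed for illustration.
public class StoreAudit {
    public static void main(String[] args) throws Exception {
        if (args.length != 1) {
            System.err.println("usage: java StoreAudit <store-file>");
            System.exit(2);
        }
        // Prompt for the password, or read STORE_PASSWORD when there is no terminal,
        // so the password never appears in the process argument list.
        Console console = System.console();
        String env = System.getenv("STORE_PASSWORD");
        char[] password = console != null
                ? console.readPassword("Store password: ")
                : (env != null ? env.toCharArray() : new char[0]);

        // Java 9+: detects JKS or PKCS12 from the file and verifies its integrity check.
        KeyStore store = KeyStore.getInstance(new File(args[0]), password);

        int keys = 0, trusted = 0;
        for (String alias : Collections.list(store.aliases())) {
            if (store.isKeyEntry(alias)) {
                keys++;
                Certificate[] chain = store.getCertificateChain(alias);
                System.out.printf("%-24s key entry, chain length %d%n",
                        alias, chain == null ? 0 : chain.length);
            } else if (store.isCertificateEntry(alias)) {
                trusted++;
                Certificate cert = store.getCertificate(alias);
                String subject = cert instanceof X509Certificate
                        ? ((X509Certificate) cert).getSubjectX500Principal().getName()
                        : cert.getType();
                System.out.printf("%-24s trusted certificate, subject %s%n", alias, subject);
            }
        }
        String role = keys > 0 && trusted > 0 ? "both key store and trust store entries"
                : keys > 0 ? "key store entries only"
                : trusted > 0 ? "trust store entries only" : "no entries";
        System.out.println(args[0] + " holds " + role);
    }
}
```

Run it against my-keystore after the import: the alias given with -name should appear as a key entry. A file that is meant to serve only as a trust store should report no key entries.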