[lug] Migrating x509 public/private keypair to java jks

Andrew Diederich andrewdied at gmail.com
Mon Apr 10 15:47:35 MDT 2006

I have a pem formatted public/private keypair that I want to use for a
java program (tomcat).  The tomcat program needs a jks formatted file,
it cannot use pkcs12.  If I try to do a "keytool -import" on a pem
file with the public/private keypair I get a java exception because
the private key isn't an x509 cert.

keytool -import -alias www.example.com -file wwwexamplecom.pubpriv.pem
-v -storetype jks -keystore keystore.jks
Enter keystore password:  changeit
keytool error: java.lang.Exception: Input not an X.509 certificate

I get the same error trying to import just the private key.

If I specify a file with just the public cert keytool wants to import
the public cert as a trusted cert, and I don't get the private key. 
If I use "keytool -genkey" to generate a public/private keypair and
try to import my old public cert, of course the public cert doesn't
match the new private key.

Is it even possible to convert PEM formatted x509 certs into a java
jks file?  If it is possible, does anyone have any references how to
do it?

Thanks for the help.

Andrew Diederich

More information about the LUG mailing list