Importing certificates into a Java keystore

by Wolfram Saringer (2011-12-06)
last change: 2011-12-06

First convert the certificate to X509 format using OpenSSL. Starting e.g. with a certificate in PKCS12 format convert it to PEM:
openssl pkcs12 -in certificate.cer -out certificate.crt -clcerts

Optionally: export public key:
openssl pkcs12 -in certificate.cer -out certificate.public -nokeys -clcerts

And then to X509:
openssl x509 -inform pem -in certificate.crt -outform der -out certificate.cer

This can finally be imported into a Java keystore:
/usr/local/jdk1.6/bin/keytool -import -keystore keystore.jks -trustcacerts -alias key-alias -file certificate.cer