Skip to content

Create new CSR and Import the Signed Certificate using the Java keytool⚓︎


Linux 7⚓︎

Bash
 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
16
17
18
19
# generate the private key in a new keystore
keytool -genkeypair -noprompt -alias server_cert -dname CN="<CommonName>, OU=<Org Unit>, O=<Org>, L=<City>, ST=<State>, C=<Country>" -keyalg RSA -keysize 2048 -keypass OurPassword -keystore keystore.jks -storepass OurPassword

# create the csr file
keytool -certreq -noprompt -alias server_cert -file server.csr -keystore keystore.jks -keypass OurPassword -storepass OurPassword

# get your CSR submitted and the signed certificate saved as server_cert.pem

# import the intermediate CA certificate
keytool -importcert -noprompt -alias intermediate -file intermediate.cer -keystore keystore.jks -storepass OurPassword

# import the root CA certificate
keytool -importcert -noprompt -alias root -file root.cer -keystore keystore.jks -storepass OurPassword

# import the signed certificate
keytool -importcert -noprompt -alias server_cert -file server_cert.cer -keystore keystore.jks -storepass OurPassword

# confirm you now have three certs in the keystore
keytool -v -list -keystore keystore.jks