23

HI All,

I have a .crt file and I need to get the associated keystore file. How to do so?

Is keytool is helpful in that?

Thanks.

Muhammad Hewedy
  • 26,344
  • 42
  • 116
  • 201

2 Answers2

50

In JDK8 or higher:

Command below creates empty store and imports your certificate into the keystore:

keytool -import -alias alias -file cert_file.crt -keypass keypass -keystore yourkeystore.jks -storepass Hello1

In JDK7:

Older versions of JDK7 create non-empty keystore which then needs to be cleared. Below is how you do that.

Create store with temporary key inside: 

keytool -genkey -alias temp -keystore yourkeystore.jks -storepass Hello1

Then delete existing entry: 

keytool -delete -alias temp -keystore yourkeystore.jks -storepass Hello1

Now you've got empty store. You can check that it's empty: 

keytool -list -keystore yourkeystore.jks -storepass Hello1

Then import your certificate to the store:

keytool -import -alias alias -file cert_file.crt -keypass keypass -keystore yourkeystore.jks -storepass Hello1

And off you go!

ruruskyi
  • 1,874
  • 2
  • 23
  • 35
  • 1
    why are trying to make it empty? I have keystore already which is not empty, will it make a difference to add another certificate rather than emptying it?? – azerafati May 23 '15 at 07:23
  • @ruruskyi Hi, I find that you generate a .jks file. Is it possible to generate .keystore file? – TommyQu Jun 12 '17 at 19:28
  • @TommyQu .jks and .keystore are essentially same thing, you can rename to .keystore if you want. – ruruskyi Jun 23 '17 at 06:07
  • 5
    Actually, you do not need to create an empty keystore first. If you use the last command only, it will create a keystore with just one trust entry for the imported certificate, given that the keystore does not yet exist. – hlg Nov 12 '17 at 02:55
  • Well, keytool has been changed in one of 1.7.0_1xx updates. So if you have one of those older versions of jdk7, you need all 4 commands. In jdk8 or higher you only need last line, agree. – ruruskyi Mar 15 '19 at 13:09
-3

Yes, for eg.
keytool -genkey -alias duke -keypass dukekeypasswd from (http://download.oracle.com/javase/1.4.2/docs/tooldocs/windows/keytool.html)

ch4nd4n
  • 3,905
  • 2
  • 18
  • 39