javasslmicroservicesself-contained

How to create Java JKS file from GoDaddy SSL certificate

I bought an SSL certificate in GoDaddy. I need to use it to start my Spark Java self-contained server through a secure connection. According to the documentation in http://sparkjava.com/documentation#examples-and-faq, I need to do the following:

String keyStoreLocation = "deploy/keystore.jks";
String keyStorePassword = "password";
secure(keyStoreLocation, keyStorePassword, null, null);

But when I download the certificate from GoDaddy I got the files:

11111.pem
11111.crt
bundle-g2-g1.crt

What do I need to do to convert these files is something compatible to use as the first parameter of secure(keyStoreLocation, keyStorePassword, null, null);?

Solution

  • Convert to PKC12/P12

    If the my-file.pem file is your private key (check the first line is 5 hyphens, BEGIN, optionally a word like RSA EC or ENCRYPTED, PRIVATE KEY, and 5 hyphens) then start with

    openssl pkcs12 -export -in my-file.crt -inkey my-file.pem -certfile bundle-g2-g1.crt -out my.p12

    If the my-file.key file is your private key, the run the command below:

    openssl pkcs12 -export -in my-file.crt -inkey my-file.key -certfile bundle-g2-g1.crt -out my-file.p12

    Note:

    You will be required to enter a password which you will need to save as it will be required by the application that wants to use the certificate.

    Convert to JKS

    Nearly all java programs since 2018 can actually use a PKCS12 instead of JKS for a keystore, but if this code really does need a JKS then do

    keytool -importkeystore -srckeystore my-file.p12 -destkeystore my-file.jks -deststoretype jks 
# if using very old Java (below 8u40 or so) add -srcstoretype pkcs12

    Re-convert to PKCS12 from JKS

    The JKS keystore uses a proprietary format. It is recommended to migrate to PKCS12 which is an industry standard format using:

    keytool -importkeystore -srckeystore my-file.jks -destkeystore my-file.p12 -deststoretype pkcs12

    Mostly dupe (but somewhat updated from)
    Combined .pem certificate to truststore/keystore.jsk
    How to convert certificate from PEM to JKS?
    How do I generate X.509 certificate from key generated by openssl and more linked there
    https://serverfault.com/questions/483465/import-of-pem-certificate-chain-and-key-to-java-keystore