Mar 29, 2016 This tutorial explains how to create a public/private keystore for client and server. You can use these keystores to secure communication between client and server. The following steps are required to generate a public/private keystore: create a keystore for the client and the server, then export the public certificate from the keystores.

When you are working with Java applications and Java-based servers, you may need to configure a Java keystore (JKS) file. A self-signed keystore can easily be created with the keytool command. But if you have a private key and a CA-signed certificate for it, you cannot create a keystore with just one keytool command.

You need to go through the following steps to get it done.

Step 1. Create a PKCS 12 file using your private key and its CA-signed certificate. You can use the openssl command for this.

If your private key has a password, it will prompt you to enter the password of the private key. You need to define a password for the PKCS 12 file as well.

As an example, say I have a private key called “server.pem” and a certificate called “servercret.pem”.

Step 2. Create the JKS file using the keytool command.

The PKCS 12 file created in Step 1 is given as the source keystore, and the new file name (wso2carbon.jks) is given as the destination keystore.

As an example,

As additional steps, you can change the private key password of the created JKS file and also the alias name of your private key entry.

Step 3 (Optional). Change the password of the private key in the keystore. More details from here as well.

Step 4 (Optional). Change the alias name of the private key entry.

By default, [current alias] is set to “1”.
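
Steps 1, 2 and 4 as a shell sketch; this is an added example, not the original post's commands. The function names and the `P12_PASS`, `JKS_PASS` and `KEY_PASS` environment variables are assumptions of this example, and it additionally checks that the certificate matches the private key before bundling them.

```shell
#!/bin/sh
# Added example: PEM key + CA-signed certificate -> PKCS#12 -> JKS.
# Passwords are read from exported environment variables (names chosen for
# this example) so they do not appear on the command line:
#   P12_PASS  password for the intermediate PKCS#12 file
#   JKS_PASS  password for the destination JKS keystore
#   KEY_PASS  set only if the PEM private key is itself encrypted
umask 077  # files that hold private keys are created owner-only

# Step 1: bundle the private key and its certificate into a PKCS#12 file.
make_p12() {  # usage: make_p12 KEY.pem CERT.pem OUT.p12
    # Refuse to continue if the certificate does not belong to the key.
    key_pub=$(openssl pkey -in "$1" ${KEY_PASS:+-passin env:KEY_PASS} -pubout) || return 1
    crt_pub=$(openssl x509 -in "$2" -noout -pubkey) || return 1
    [ "$key_pub" = "$crt_pub" ] || { echo "key/certificate mismatch" >&2; return 1; }
    openssl pkcs12 -export -inkey "$1" -in "$2" -out "$3" \
        ${KEY_PASS:+-passin env:KEY_PASS} -passout env:P12_PASS
}

# Step 2: import the PKCS#12 file into a new JKS keystore.
p12_to_jks() {  # usage: p12_to_jks IN.p12 OUT.jks
    keytool -importkeystore -noprompt \
        -srckeystore "$1" -srcstoretype PKCS12 -srcstorepass:env P12_PASS \
        -destkeystore "$2" -deststoretype JKS -deststorepass:env JKS_PASS
}

# Step 4: rename the key entry (its alias is "1" after Step 2).
# Until Step 3 is done, the key entry is still protected with the
# PKCS#12 password, so that is what -keypass receives here.
rename_alias() {  # usage: rename_alias KEYSTORE.jks OLD_ALIAS NEW_ALIAS
    keytool -changealias -keystore "$1" -storepass:env JKS_PASS \
        -keypass:env P12_PASS -alias "$2" -destalias "$3"
}

# Check the result: list the entries in the keystore.
list_aliases() {  # usage: list_aliases KEYSTORE.jks
    keytool -list -keystore "$1" -storepass:env JKS_PASS
}
```

With the file names used above, the sequence is `make_p12 server.pem servercret.pem server.p12`, then `p12_to_jks server.p12 wso2carbon.jks`, then `rename_alias wso2carbon.jks 1 server`.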

Thanks for reading…!!! Also you can find more details on creating self signed KeyStore from here

Steps to generate self-signed PKCS#12 SSL certificate and export its keys:

1- Create PKCS#12 keystore (.p12 or .pfx file)

  • myKeystore.p12 = keystore filename. It can have a .pfx extension as well.
  • MY_PASSWORD = password used for the keystore and the private key as well.
  • CN = commonName, it will be shown as the certificate name in the certificates list.
  • OU = organizationUnit, department name for example.
  • O = organizationName, the company name.
  • L = localityName, the city.
  • S = stateName, the state.
  • C = country, the 2-letter code of the country.

Note: This step can be done using openssl but it's more complicated.

2- Create the public certificate (has the header -----BEGIN CERTIFICATE-----):

Using keytool:

Or using openssl:

Note: Import public-certificate.pem into browsers to trust it. Add it to 'Trusted Root Certification Authorities' certificate store.

3- Export the private key (has the header -----BEGIN PRIVATE KEY-----):

4- Export the public key from the private key (has the header -----BEGIN PUBLIC KEY-----):
