How to create a KeyStore in PKCS12 Format.


In my last blog I explained how to create a self-signed SSL certificate. You can go through the previous blog and generate the certificate and private key as we’ll be needing it for creating a KeyStore.

Create a self-signed SSL Certificate using OpenSSL.

In this blog I’ll be explaining how one can create a KeyStore in PKCS12 Format using OpenSSL.

Let’s start with “What is PKCS12 Format ?

A PKCS12(Public-Key Cryptography Standards) defines an archive-file format for storing server certificates, intermediate certificate if any and private key into a single encryptable  file.

Now, lets see how we can create a KeyStore.

For generating a KeyStore one should already have an existing private key and certificate(self signed or signed by CA). Following are the steps required for creating a KeyStore:

-> Step1: Create private key and certificate.

Create a self-signed SSL Certificate using OpenSSL.

After step1 you’ll  have key(server.key), CSR(server.csr) and certificate(server.crt). We’ll be using server.key and server.crt files in our next step.

-> Step2: Create .pem file. Run the following commands from your terminal:

  • cat server.key > server.pem
  • cat server.crt >> server.pem

“A .pem(Privacy Enhanced Mail) file is a container format that may just include the public certificate or the entire certificate chain (private key, public key, root certificates).”

The existing key and the certificate would be there in your server.pem file. The Structure of .pem file looks like this:

—–BEGIN RSA PRIVATE KEY—–
(Private Key: domain_name.key contents)
—–END RSA PRIVATE KEY—–
—–BEGIN CERTIFICATE—–
(Primary SSL certificate: domain_name.crt contents)
—–END CERTIFICATE—–

-> Step3: Create .pkcs12 file.

  • openssl pkcs12 -export -in server.pem -out keystore.pkcs12

This command will generate the KeyStore with name keystore.pkcs12, you can use the KeyStore for configuring you server.

So this is how we can generate a KeyStore in PKCS12.

Enjoy 🙂

Reference:

https://www.openssl.org/

KNOLDUS-advt-sticker
 

Advertisements
This entry was posted in Scala, Security, Security Controls and tagged , , , , , , , , , , , , , , . Bookmark the permalink.

7 Responses to How to create a KeyStore in PKCS12 Format.

  1. Pingback: Create a self-signed SSL Certificate using OpenSSL. | Knoldus

  2. Pingback: Handling HTTPS requests with Akka-HTTPS Server | Knoldus

  3. Pingback: Handling HTTPS requests with Akka-HTTPS | DRK™

  4. andr3smp says:

    Hey guys,

    In this example you create only one key, what if you need to create a keystore with both the public key and the private key?

    Best Regards

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s