In my last blog I explained how to create a self-signed SSL certificate. You can go through the previous blog and generate the certificate and private key as we’ll be needing it for creating a KeyStore.
In this blog I’ll be explaining how one can create a KeyStore in PKCS12 Format using OpenSSL.
Let’s start with “What is PKCS12 Format ?”
A PKCS12(Public-Key Cryptography Standards) defines an archive-file format for storing server certificates, intermediate certificate if any and private key into a single encryptable file.
Now, lets see how we can create a KeyStore.
For generating a KeyStore one should already have an existing private key and certificate(self signed or signed by CA). Following are the steps required for creating a KeyStore:
-> Step1: Create private key and certificate.
After step1 you’ll have key(server.key), CSR(server.csr) and certificate(server.crt). We’ll be using server.key and server.crt files in our next step.
-> Step2: Create .pem file. Run the following commands from your terminal:
- cat server.key > server.pem
- cat server.crt >> server.pem
“A .pem(Privacy Enhanced Mail) file is a container format that may just include the public certificate or the entire certificate chain (private key, public key, root certificates).”
The existing key and the certificate would be there in your server.pem file. The Structure of .pem file looks like this:
—–BEGIN RSA PRIVATE KEY—–
(Private Key: domain_name.key contents)
—–END RSA PRIVATE KEY—–
(Primary SSL certificate: domain_name.crt contents)
-> Step3: Create .pkcs12 file.
- openssl pkcs12 -export -in server.pem -out keystore.pkcs12
This command will generate the KeyStore with name keystore.pkcs12, you can use the KeyStore for configuring you server.
So this is how we can generate a KeyStore in PKCS12.