Java “keytool import”: How to import a certificate into a keystore file

Java “keytool import” FAQ: Can you share some examples of the Java keytool import command and process?

When you're working with Java public and private keys, there may be a time when someone else says, "Here is a certificate. Import it into your public key keystore, and then you can do XYZ", where "XYZ" can be a variety of things, including reading their document, using their Java application, etc. To do this you need to use the Java keytool import command.

In this example I'll assume that you have just received a keytool certificate file from another person, and you want to import the information in that certificate file into your public keystore file.

Java keytool import - Import a certificate into a public keystore

Assuming that you've been given a certificate file named "certfile.cer", you can import it into a public keystore named "publicKey.store" under the alias "foo" with the following keytool import command:

$ keytool -import -alias foo -file certfile.cer -keystore publicKey.store

This import command can be read as:

  • Read the certificate from the file named certfile.cer.
  • Import that certificate into the keystore named "publicKey.store".
  • Store it there under the alias "foo". The alias is the name of the entry in the keystore, not something that is read from the certificate file.
  • Note: The file publicKey.store may already exist, in which case the public key for "foo" will be added to that keystore file; otherwise, publicKey.store will be created.

Java keytool import - a complete example

Here's the actual input and output from a Java keytool import example. Hopefully you can use the description I just provided to understand how this command works:

$ keytool -import -alias publicCertFromAl -file certfile.cer -keystore publicKey.store

Enter keystore password:  BARBAZ
Owner: CN=Alvin Alexander, OU=Application Development, O=devdaily.com, L=Louisville, ST=KY, C=US
Issuer: CN=Alvin Alexander, OU=Application Development, O=devdaily.com, L=Louisville, ST=KY, C=US
Serial number: 4bd4e793
Valid from: Sun Apr 25 17:08:35 AKDT 2010 until: Sat Jul 24 17:08:35 AKDT 2010
Certificate fingerprints:
       MD5:  55:20:B2:68:FD:0F:4E:BF:D5:E5:D5:04:47:6C:E3:10
       SHA1: 25:17:A0:CA:86:CC:3E:6C:2D:C0:4E:8D:E8:33:05:F7:4B:50:FE:E5
Trust this certificate? [no]:  yes
Certificate was added to keystore

A few important points here about this output:

  • The alias used here (publicCertFromAl) does not have to correspond to the alias used when the private key keystore and certificate file were created.
  • The password shown above is the password for the keystore named publicKey.store.
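
Answering "yes" to "Trust this certificate?" is only safe if the fingerprints keytool prints match ones you obtained from the certificate's owner over a separate channel. The shell functions below are an added example, not part of the original tutorial: they compare the SHA256 fingerprint reported by keytool -printcert with an expected value and run the import only on a match. The function names are hypothetical, and the script assumes a JDK whose keytool prints a SHA256 line (the older output shown above lists only MD5 and SHA1).

```shell
#!/bin/sh
# Added example: check a certificate's fingerprint before importing it.
# The expected fingerprint must come from the certificate's owner over a
# separate channel, not from the same place the certificate file came from.

# Reduce a fingerprint to bare uppercase hex so that "ab:cd", "AB CD" and
# "abcd" all compare equal.
normalize_fp() {
    printf '%s' "$1" | tr -d ': \t\r\n' | tr 'abcdef' 'ABCDEF'
}

# Print the SHA256 fingerprint that keytool computes for a certificate file.
cert_sha256() {
    keytool -printcert -file "$1" | awk '$1 == "SHA256:" { print $2; exit }'
}

# import_if_trusted CERTFILE ALIAS KEYSTORE EXPECTED_SHA256
# Returns 0 after a successful import, 1 on a fingerprint mismatch,
# 2 if no SHA256 fingerprint could be read from the file.
import_if_trusted() {
    certfile=$1
    entry=$2
    keystore=$3
    expected=$4

    actual=$(cert_sha256 "$certfile")
    if [ -z "$actual" ]; then
        echo "could not read a SHA256 fingerprint from $certfile" >&2
        return 2
    fi
    if [ "$(normalize_fp "$actual")" != "$(normalize_fp "$expected")" ]; then
        echo "fingerprint mismatch, not importing $certfile" >&2
        return 1
    fi
    # -noprompt skips the "Trust this certificate?" question, which the check
    # above has already answered. keytool still asks for the keystore password.
    keytool -importcert -noprompt -alias "$entry" -file "$certfile" -keystore "$keystore"
}
```

Call it as import_if_trusted certfile.cer foo publicKey.store followed by the fingerprint you were given; a non-zero exit status means nothing was added to the keystore.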

At this point, assuming everything worked, you probably don't need the intermediate certificate file, so you can delete it. To be sure though, you should test that the public key is now in your keystore file. You can do this by attempting to use the public key for whatever your purpose is, and you can also list the contents of the public key keystore file, using the commands shown in my "keytool list" tutorial.

If you'd like to see the entire process of creating a private key, exporting it in a certificate file, importing it into a public keystore, and listing the keystore contents, I have all of that in one place in a long-but-complete Java keytool, keystore, genkey, export, import, certificate, and list tutorial as well.