欢迎您访问程序员文章站本站旨在为大家提供分享程序员计算机编程知识!
您现在的位置是: 首页

[转] Create a Java Keystore (.JKS) from Let's Encrypt Certificates httpspkcs12opensslkeystore 

程序员文章站 2022-07-15 13:57:01
...
原文地址:https://maximilian-boehm.com/hp2121/Create-a-Java-Keystore-JKS-from-Let-s-Encrypt-Certificates.htm

Application server like Jetty, Glassfish or Tomcat need a keystore (.jks) in order to properly handling the certificates. These three simple steps will create a valid keystore file for your application server using the Let's Encrypt service. Have fun, be encrypted!

1) Create keys
./certbot-auto certonly --standalone -d DOMAIN.TLD -d DOMAIN_2.TLD --email EMAIL@EMAIL.TLD

Change to the directory (probably /etc/letsencrypt/live/DOMAIN.tld) where the certificates were created.

2) Create a PKCS12 file containing full chain and private key
openssl pkcs12 -export -in fullchain.pem -inkey privkey.pem -out pkcs.p12 -name NAME

3) Convert PKCS12 to Keystore
The STORE_PASS is the password which was entered in step 2) as a password for the pkcs12 file.
keytool -importkeystore -deststorepass PASSWORD_STORE -destkeypass PASSWORD_KEYPASS -destkeystore keystore.jks -srckeystore pkcs.p12 -srcstoretype PKCS12 -srcstorepass STORE_PASS -alias NAME

If you happen to get a java.io.IOException: failed to decrypt safe contents entry: javax.crypto.BadPaddingException: Given final block not properly padded, you have probably forgotten to enter the correct password from step 2.

References