See also: Can a Java key store import a key pair generated by OpenSSL?

I am provided with the following files to authenticate against a thrift endpoint:

  • cacert.pem
  • local.crt
  • local.key

I am having the hardest time trying to create a keystore that has the client cert in it. The endpoint application has its own CA to authenticate the client certs. I honestly am not sure what needs to be included in the keystore (assuming the client cert, and the endpoint public cert), but for the life of me cannot get it working.

Does anyone know how to import a client cert into a keystore? Or, what I need to do in order to get this working? Thanks.

A: 

The problem was with the keystore, this is how I finally got it working.

First thing to note is that it's not possible (as far as I know) to import private keys into a keystore using keytool...

Knowing that, I converted the local.crt and local.key to a .p12 file via openssl:

openssl pkcs12 -export -in local.crt -inkey local.key -out local.p12

Then I used a tool from IBM (keyman), http://www.alphaworks.ibm.com/tech/keyman/download, to import the CA cert (cacert.crt) and then the .p12 file, and saved that as a keystore.

Hope this helps someone!

wuntee
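
A command-line-only version of the same procedure, as an added example that is not part of the original answer: `keytool -importkeystore` reads the PKCS#12 bundle produced by the openssl step, and `keytool -importcert` adds the CA certificate as a trusted entry. The function names, the aliases `client` and `endpoint-ca`, and the PKCS12 output type are assumptions made for this sketch.

```shell
#!/bin/sh
# Added example (not from the original answer). Requires openssl and a JDK keytool.
# usage: build_keystore CLIENT_CRT CLIENT_KEY CA_CERT OUT_KEYSTORE PASSWORD
build_keystore() (
    crt=$1 key=$2 ca=$3 out=$4
    KS_PASS=$5; export KS_PASS    # passed through the environment, not argv
    umask 077                     # the output files contain the private key
    tmp=$(mktemp -d) || exit 1
    rc=0
    {
        # 1. Bundle certificate and key as PKCS#12 (the openssl step from the
        #    answer). openssl fails here if the key does not match the cert.
        openssl pkcs12 -export -in "$crt" -inkey "$key" -name client \
            -out "$tmp/local.p12" -passout env:KS_PASS &&
        # 2. Copy the key entry into the destination keystore.
        keytool -importkeystore -noprompt \
            -srckeystore "$tmp/local.p12" -srcstoretype PKCS12 \
            -srcstorepass:env KS_PASS \
            -destkeystore "$out" -deststoretype PKCS12 \
            -deststorepass:env KS_PASS &&
        # 3. Add the endpoint's CA certificate as a trusted entry so the
        #    client can validate the server side of the handshake.
        keytool -importcert -noprompt -trustcacerts -alias endpoint-ca \
            -file "$ca" -keystore "$out" -storetype PKCS12 \
            -storepass:env KS_PASS
    } || rc=$?
    rm -rf "$tmp"                 # remove the intermediate key bundle
    exit "$rc"
)

# usage: keystore_has KEYSTORE PASSWORD ALIAS ENTRY_TYPE
# ENTRY_TYPE is PrivateKeyEntry or trustedCertEntry, as printed by keytool -list.
keystore_has() (
    KS_PASS=$2; export KS_PASS
    keytool -list -keystore "$1" -storetype PKCS12 -storepass:env KS_PASS \
        -alias "$3" 2>/dev/null | grep -q "$4"
)

# Run directly with the five arguments above, e.g. the file names from the question:
#   sh build_keystore.sh local.crt local.key cacert.pem client.p12 'store-password'
if [ "$#" -eq 5 ]; then
    build_keystore "$@"
fi
```

The resulting file should show one `PrivateKeyEntry` and one `trustedCertEntry` in `keytool -list`; the same file can then serve as both keystore and truststore.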