importing an existing x509 certificate and private key in Java keystore to use in ActiveMQ ssl context

Question

I have this in activemq config

<sslContext>
        <sslContext keyStore="file:/home/alex/work/amq/broker.ks"  
 keyStorePassword="password" trustStore="file:${activemq.base}/conf/broker.ts" 
 trustStorePassword="password"/>
</sslContext>

I have a pair of x509 cert and a key file

How do I import those two to be used in ssl and ssl+stomp connectors? All examples i could google always generate the key themselves, but I already have a key.

I have tried

keytool -import -keystore ./broker.ks -file mycert.crt

but this only imports the certificate and not the key file and results in

2009-05-25 13:16:24,270 [localhost:61612] ERROR TransportConnector - Could not accept connection : No available certificate or key corresponds to the SSL cipher suites which are enabled.

I have tried concatenating the cert and the key but got the same result

How do I import the key?

Answer 1

Believe or not, keytool does not provide such basic functionality like importing private key to keystore. You can try this workaround with merging PKSC12 file with private key to a keystore.

Or just use more user-friendly KeyMan from IBM for keystore handling instead of keytool.exe.

Answer 2

Yes, it's indeed a sad fact that keytool has no functionality to import a foreign key.

For the record, at the end I went with the solution described here

Answer 3

Keytool in Java 6 does have this capability: Importing private keys into a Java keystore using keytool