I generate a certification key with openssl. Here is my command:
openssl genrsa -des3 -out enc_key.pem 1024
I export into cer f
Why are you using OpenSSL to generate the keypair? Why not just use keytool?
The genrsa tool just generates a private key. How are you creating a corresponding certificate? How are you importing the private key into your Java keystore? (I ask, because keytool can only import a private key from an existing key store, and only from Java 6 onward.)
I suspect that your problem is that your key store doesn't contain a key entry (private key and corresponding certificate). When you list the keystore contents with keytool, how many entries are there? Are they key entries or trusted entries?
The server needs access to the private key in order to authenticate itself. To import a private key, use Java 6's enhanced keytool.
After creating the key and the certificate with OpenSSL, use OpenSSL to create a PKCS #12 key store:
openssl pkcs12 -export -in cert.pem -inkey key.pem > server.p12
Then convert this store into a Java key store:
keytool -importkeystore -srckeystore server.p12 -destkeystore server.jks -srcstoretype pkcs12
Now use server.jks, which contains the certificate and the private key, in your SSL-enabled server.
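The two conversion steps above with the checks the answer asks about, as an added example that is not part of the original answer: it confirms the certificate belongs to the private key before bundling, then confirms the resulting keystore holds a key entry rather than only a trusted certificate. The function names, the alias `server` and the `STOREPASS` environment variable are assumptions of this sketch.

```shell
#!/bin/sh
# Added example (not from the original answer). Function names, the alias
# "server" and the STOREPASS variable are assumptions of this sketch.

# Succeeds only if the certificate's public key belongs to the private key.
key_matches_cert() {   # key_matches_cert key.pem cert.pem
    key_pub=$(openssl pkey -in "$1" -pubout 2>/dev/null) || return 2
    cert_pub=$(openssl x509 -in "$2" -noout -pubkey 2>/dev/null) || return 2
    [ "$key_pub" = "$cert_pub" ]
}

# Bundle key + certificate into a PKCS #12 store under a single alias.
make_p12() {           # make_p12 key.pem cert.pem out.p12 alias
    key_matches_cert "$1" "$2" || {
        echo "key and certificate do not match" >&2
        return 1
    }
    openssl pkcs12 -export -in "$2" -inkey "$1" -name "$4" \
        -out "$3" -passout env:STOREPASS
}

# Succeeds if the PKCS #12 store carries a private key, not just certificates.
# The key is re-encrypted on output, so it never appears in the clear.
p12_has_private_key() {   # p12_has_private_key in.p12
    openssl pkcs12 -in "$1" -passin env:STOREPASS -nocerts \
        -passout env:STOREPASS 2>/dev/null | grep -q 'PRIVATE KEY'
}

# Convert to JKS, then confirm the alias is a key entry. The :env modifier
# keeps the password out of the process argument list.
make_jks() {           # make_jks in.p12 out.jks alias
    keytool -importkeystore -noprompt \
        -srckeystore "$1" -srcstoretype pkcs12 -srcstorepass:env STOREPASS \
        -destkeystore "$2" -deststoretype jks -deststorepass:env STOREPASS \
        || return 1
    keytool -list -keystore "$2" -storepass:env STOREPASS -alias "$3" \
        | grep -q PrivateKeyEntry
}

# Full procedure when invoked with exactly two arguments: key.pem cert.pem
if [ "$#" -eq 2 ]; then
    : "${STOREPASS:?set STOREPASS in the environment}"
    make_p12 "$1" "$2" server.p12 server && make_jks server.p12 server.jks server
fi
```

If `make_jks` fails on its final check, the keystore contains only a trusted certificate entry, which is the condition the answer suspects.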