Key and Certificate Management

Keystore and truststore are files used by Java in order to authenticate both client and server when using the HTTPS protocol.

A keystore stores private keys and their associated certificates, whereas a truststore is a pool of trusted certificates that the client uses to authenticate connections with third parties.

Java's default truststore is the cacerts file located in the java.home/lib/security directory, where java.home is the runtime environment's directory.

The default password of the Java default truststore is changeit.

For more details on keys and certificates management with the keytool utility, please refer to the keytool man page, or online documentation.

Import a private key

The Java keytool utility does not support importing a private key directly from a file. First convert the private key and its certificate into PKCS12 format, naming the entry with -name, then merge that file into the Java keystore, selecting that entry with -srcalias (keytool accepts -destalias only together with -srcalias):

 $ openssl pkcs12 -export -in server.crt -inkey server.key -name company -out file.p12
 $ keytool -importkeystore -srckeystore file.p12 -srcstoretype PKCS12 -srcalias company -destkeystore file.keystore -destalias company

Import a certificate

To import a certificate into a keystore/truststore:

$ keytool -importcert -keystore file.keystore -file file.crt -alias company

You can now use the keystore and certificate alias to configure HTTPS access to your Squore installation following the instructions in Accessing Squore via HTTPS.
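
The two imports above, run end to end on constructed material and then checked with keytool -list, as an added example that is not part of the original documentation. The host name, password, STORE_PASS variable, file.truststore name and function names are assumptions; passwords are read from the environment so they do not appear in the process list.

```shell
#!/bin/sh
# Added example (not from the original page). Host name, password and the
# file.truststore name are constructed; other file and alias names follow the page.

STORE_PASS=${STORE_PASS:-example-pass}   # constructed; keytool needs >= 6 chars
export STORE_PASS                        # read via env: / :env, kept out of argv

# build_stores DIR: key pair into DIR/file.keystore, certificate only into
# DIR/file.truststore, both under alias "company".
build_stores() {
    d=$1
    # Constructed self-signed pair standing in for server.crt / server.key.
    openssl req -x509 -newkey rsa:2048 -nodes -days 30 \
        -subj "/CN=squore.example.test" \
        -keyout "$d/server.key" -out "$d/server.crt" 2>/dev/null || return 1
    openssl pkcs12 -export -in "$d/server.crt" -inkey "$d/server.key" \
        -name company -out "$d/file.p12" -passout env:STORE_PASS || return 1
    keytool -importkeystore -noprompt \
        -srckeystore "$d/file.p12" -srcstoretype PKCS12 \
        -srcstorepass:env STORE_PASS -srcalias company \
        -destkeystore "$d/file.keystore" \
        -deststorepass:env STORE_PASS -destalias company \
        >/dev/null 2>&1 || return 1
    keytool -importcert -noprompt -keystore "$d/file.truststore" \
        -storepass:env STORE_PASS -file "$d/server.crt" -alias company \
        >/dev/null 2>&1 || return 1
    # The PEM key and the PKCS12 file are extra copies of the private key.
    rm -f "$d/server.key" "$d/file.p12"
}

# entry_type KEYSTORE ALIAS: prints PrivateKeyEntry or trustedCertEntry.
entry_type() {
    keytool -list -keystore "$1" -alias "$2" \
        -storepass:env STORE_PASS 2>/dev/null |
        grep -oE 'PrivateKeyEntry|trustedCertEntry' | head -n 1
}

# Stand-alone use: sh import-check.sh /path/to/empty/dir
if [ "$#" -gt 0 ]; then
    build_stores "$1" || { echo "import failed" >&2; exit 1; }
    echo "file.keystore:   $(entry_type "$1/file.keystore" company)"
    echo "file.truststore: $(entry_type "$1/file.truststore" company)"
fi
```

A keystore meant for the server side of HTTPS must report PrivateKeyEntry for the alias; trustedCertEntry there means only the certificate was imported and the server has no key to present.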