Convert wildcard SSL to Java Keystore Format (JKS)

Today we need to get a wildcard SSL certificate into a Java Keystore format. First copy everything you need to a /tmp folder. There are  gd_bundle.crt  , and

1. Concatenate your certificate with gd_bundle:


# cat   gd_bundle.crt >


2. Run the following to convert your SSL combined bundle into PKCS12 format:


#cd /tmp

# openssl pkcs12 -export -name -in  -inkey  -out keystore.p12


-name ( is the domain you are going to be using the key on. Don’t use your * address. Use or something like this.
-in is your signed certificate
-inkey is the key file from the server that generated your CSR (certificate signing request)
-out is just a name I picked

You will be asked to generate a password! Enter you password twice.


3. After that run this to generate your JKS:

(keytool is located in the bin-directory of your JRE-installation.)


#cd /usr/java/bin/

# ./keytool -importkeystore -destkeystore keystore.jks -srckeystore keystore.p12 -srcstoretype pkcs12 -alias


-destkeystore is the name of the keystore (you are creating it)
-srckeystore is the PCKS12 keystore created above
-alias is the domain from above – make sure it matches the domain from above!

You will be asked to enter the password again. Do so and select a new password (or use the same one as before) when prompted.


4. Now you can verify it:

#keytool -list -v -keystore keystore.jks

That’s all, friends.