Java Keystore Creation from SSL Certificate

For Java-based servers that use SSL, you are usually required to convert your SSL certificate to a Java Keystore. It took me some time to figure out the right parameters and tools to create it, so here is the shortcut to creating the file.


  • Your domain name, i.e. “facebook” (without the top-level domain), which we will denote by [NAME] (we assume top-level domain “com” for the time being)
  • A password for the keystore which you will need for the Java server, which we will denote by [PASSWORD]
  • A program called keytool which should be part of your Java SDK
  • The SSL certificate files “[NAME].com.crt”, “ca.key” and “gd_bundle.crt”

You can then go a head and execute the following to commands which will create the keystore file “[NAME].keystore” for you.

openssl pkcs12 -export -in [NAME].com.crt -inkey ca.key -out [NAME].p12 -name [NAME] -CAfile gd_bundle.crt -caname root -chain
keytool -importkeystore -deststorepass [PASSWORD] -destkeypass [PASSWORD] -destkeystore [NAME].keystore -srckeystore [NAME].p12 -srcstoretype PKCS12 -srcstorepass [PASSWORD] -alias [NAME]

Leave a Reply