From certification authority we get three files:
Intermediate_CA_chain.cer (certificate chain)
SERVER_CERTIFICATE.cer (server certificate)
PRIVATE_KEY.key (private key)
- Conversion from PEM to PKCS#7
on the page https://www.ssls.cz/converter.html is conversion PEM (.cer, .crt, .pem) to PKCS#7 (.p7b, .p7c, .p7s),
(we will use server certificate = SERVER_CERTIFICATE.cer and Intermediate CA (Intermediate_CA_chain.cer)), so I made a .p7b file (NEW.p7b).
Maybe the following command can be also used instead of the previous step with web form (I did not try this):
openssl crl2pkcs7 -nocrl -certfile SERVER_CERTIFICATE.cer -out NEW.p7b -certfile Intermediate_CA_chain.cer),
Finally I have created NEW.cer (our new certificate chain) file with following:
openssl pkcs7 -print_certs -in NEW.p7b -out NEW.cer
(maybe it could be OK to skip the step 1. and just use Intermediate_CA_chain.cer instead of the NEW.cer - I did not try this)
- Import of the private key (PRIVATE_KEY.key) and server certificate (SERVER_CERTIFICATE.cer) to the java keystore (game_keystore.jks)
(https://secure.marumoto.us/motowiki/tiki-index.php?page=Import+a+private+key+and+certificate+into+a+Java+Keystore)
openssl pkcs12 -export -in SERVER_CERTIFICATE.cer -inkey PRIVATE_KEY.key -out KEYSTORE.p12 -name game_key
keytool -importkeystore -srckeystore KEYSTORE.p12 -srcstoretype PKCS12 -destkeystore game_keystore.jks
- Import of the chain of certificates to the SAME keystore (game_keystore.jks) with THE SAME ALIAS as in the previous step
keytool -importcert -trustcacerts -alias game_key -file NEW.cer -keystore game_keystore.jks -storepass SECRET_PASSWORD -keypass SECRET_PASSWORD
Finally it is possible to view the content of the final java keystore:
keytool -list -v -keystore game_keystore.jks
