Use this procedure if certificates (the CA-signed server certificate, intermediate certificates, and the CA root certificate) are obtained as individual certificates instead of in a single PKCS#7 (*.p7b) file. This procedure uses a series of Java keytool commands to import these certificates into an existing keystore. Use the order of import as shown in the procedure: import the root CA first, then any required intermediate certificates, and finally, the CA-signed server certificate.
NOTE:If your certificate was provided within a p7b package, you do not need to import each certificate separately. Instead, use the procedure described in Import Certificates from a p7b package into your Java Keystore.
Before you begin
Obtain a server certificate for your server signed by a Certificate Authority.
Obtain the trusted root CA certificate for the Certificate Authority and any required intermediate certificates.
You need to know the keystore name, password, and alias you used when you created the keystore.
To import certificates into your Java keystore
Add the root CA certificate (CAcert.cer in this example) to the Java keystore that you generated when you created your private key (newkeystore.jks in this example). Use a new alias (root in this example). For example:
keytool -importcert -alias root -file CAcert.cer -keystore newkeystore.jks –storetype JCEKS
Add each required intermediate certificate (IntermediateCAcert.cer in this example) to the Java keystore:
keytool -importcert -alias intermediate -trustcacerts -file IntermediateCAcert.cer -keystore newkeystore.jks –storetype JCEKS
Add the CA-signed server certificate (EndEntitycert.cer in this example) to the Java keystore. The alias in this command needs to match the alias you specified when you generated your key pair. For example:
keytool -importcert -alias rgateway -trustcacerts -file EndEntitycert.cer -keystore newkeystore.jks –storetype JCEKS