The Certification Authority may provide you with a PKCS#7 package (*.p7b) that contains the full chain of certificates required to authenticate your server (the CA-signed server certificate, intermediate certificates, and the CA root certificate). This procedure uses Java keytool command to import the certificates from the p7b file into your Java keystore.
NOTE:If you have individual certificates not contained within a p7b package do not use this procedure. You will need to import each certificate separately. See the procedure described in Import Individual Certificates into your Keystore.
Before you begin
Obtain a PKCS#7 package (*.p7b) from the Certification Authority that contains the CA-signed server certificate, intermediate certificates, and the CA root certificate.
You need to know the keystore name, password, and alias you used when you created the keystore.
To import certificates contained within a p7b file
Add the certificates from the PKCS #7 file (FullChainOfCerts.p7b in this example) to the Java keystore. The alias in this command needs to match the alias you specified when you generated your key pair. For example:
keytool -importcert -alias rgateway -trustcacerts -file FullChainOfCerts.p7b -providername BCFIPS -providerclass org.bouncycastle.jcajce.provider.BouncyCastleFipsProvider -providerpath ../bc-fips-1.0.1.jar -keystore newkeystore.bcfks –storetype BCFKS