Import Certificates from a p7b package into your Java Keystore

The Certification Authority may provide you with a PKCS#7 package (*.p7b) that contains the full chain of certificates required to authenticate your server (the CA-signed server certificate, intermediate certificates, and the CA root certificate). This procedure uses Java keytool command to import the certificates from the p7b file into your Java keystore.

NOTE:If you have individual certificates not contained within a p7b package do not use this procedure. You will need to import each certificate separately. See the procedure described in Import Individual Certificates into your Keystore.

Before you begin

  • Obtain a PKCS#7 package (*.p7b) from the Certification Authority that contains the CA-signed server certificate, intermediate certificates, and the CA root certificate.

  • You need to know the keystore name, password, and alias you used when you created the keystore.

To import certificates contained within a p7b file

  • Add the certificates from the PKCS #7 file (FullChainOfCerts.p7b in this example) to the Java keystore. The alias in this command needs to match the alias you specified when you generated your key pair. For example:

    keytool -importcert -alias rgateway -trustcacerts -file FullChainOfCerts.p7b -providername BCFIPS -providerclass org.bouncycastle.jcajce.provider.BouncyCastleFipsProvider -providerpath ../bc-fips-1.0.1.jar -keystore newkeystore.bcfks –storetype  BCFKS