Generally the process of creating Java keystore that can sign applications (source codes) can be covered in couple of steps that include the client and the certificate issuer:
1. The client creates keystore file and generates private and public key pair
2. The client exports Code Signing Request from the keys with personal and trustworthy data
3. The client sends the CSR to Certificate issuer and waits for approval. Normally it is contacted during pending time.
4. Certificate Issuer sends to the client the signed certificate and probably additional intermediate/root chain certificates that need to be included into the keystore.
5. The client imports the certificate (probably in pkcs7 format) into the original keystore that was used to generate the keys and CSR with the appropriate alias that was used during the creation of the keystore.
6. The keystore is included in Java applications and referenced with the alias so to sign the JARs used in the apps.
However, you can create a JAVA Keystore even if you have a Private Key and Certificate handy with you.Use below procedure to get this job done.
This files need to be merged and exported into pkcs12 format with the help of libssl library.
openssl pkcs12 -export -in cert.crt -inkey private.key -certfile cert.crt -name <certificate(alias)_name> -out keystore.p12
Next this new generated keystore.p12 should be used to create new keystore in JKS format with the help of keytool from the JDK.
keytool -importkeystore -srckeystore keystore.p12 -srcstoretype pkcs12 -destkeystore keystore.jks -deststoretype JKS
Hurrey! We have created keystore in jks format from existing private key.
If you found any of the information on this page helpful in anyway then please consider sharing this content with your favorite social network or by leaving your thoughts in the comment section. Thanks!