keytool importing multiple certificates in single file
You can simply use the free and easy-to-use GUI tool KeyStore Explorer to import and manage multiple certificates.
If you want to include the CA certificates you should add the -trustcacerts option.
If you have multiple certificate chains in one PEM file you will have to split the file.
A bash script that will import all certificates from a PEM file:
#!/bin/bash
# Usage: jks_import_pem <pem-file> <store-password> <keystore>
PEM_FILE=$1
PASSWORD=$2
KEYSTORE=$3
# number of certs in the PEM file
CERTS=$(grep -c 'END CERTIFICATE' "$PEM_FILE")
# For every cert in the PEM file, extract it and import into the JKS keystore
# awk command: step 1, if line is in the desired cert, print the line
#              step 2, increment counter when last line of cert is found
for N in $(seq 0 $((CERTS - 1))); do
  # alias is the PEM file name without its extension, plus the cert index
  ALIAS="${PEM_FILE%.*}-$N"
  awk "n==$N { print }; /END CERTIFICATE/ { n++ }" "$PEM_FILE" |
    keytool -noprompt -import -trustcacerts \
      -alias "$ALIAS" -keystore "$KEYSTORE" -storepass "$PASSWORD"
done
For example:
./jks_import_pem TrustedCAs.PEM changeit truststore.jks
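Because the script above runs keytool with -noprompt, every certificate in the file becomes a trusted entry without being shown to the operator. The following added example (not part of the original answers) lists the SHA-256 fingerprint of each certificate in a bundle so it can be reviewed first; the function names and the sample bundle are assumptions, and it relies on the coreutils `base64` and `sha256sum` commands.

```bash
#!/bin/bash
# Added example (not from the original answers): print the SHA-256 fingerprint
# of every certificate in a PEM bundle so each can be reviewed before import.

# pem_fingerprints FILE -> one line per certificate: "<index> <sha256-hex>"
# Only exact BEGIN/END CERTIFICATE blocks count; text between blocks, CRLF
# line endings and other PEM types (keys, CSRs) are skipped.
pem_fingerprints() {
  pf_n=0 pf_body="" pf_in=0
  pf_cr=$(printf '\r')
  while IFS= read -r pf_line || [ -n "$pf_line" ]; do
    pf_line=${pf_line%"$pf_cr"}          # tolerate CRLF line endings
    case $pf_line in
      "-----BEGIN CERTIFICATE-----") pf_in=1; pf_body="" ;;
      "-----END CERTIFICATE-----")
        if [ "$pf_in" -eq 1 ]; then
          # fingerprint = SHA-256 over the base64-decoded (DER) bytes
          pf_fp=$(printf '%s' "$pf_body" | base64 -d | sha256sum | cut -d' ' -f1)
          printf '%s %s\n' "$pf_n" "$pf_fp"
          pf_n=$((pf_n + 1))
        fi
        pf_in=0 ;;
      *) if [ "$pf_in" -eq 1 ]; then pf_body="$pf_body$pf_line"; fi ;;
    esac
  done < "$1"
  return 0
}

# Constructed sample bundle written to the path in $1: the "certificates" are
# base64 of placeholder bytes, not real X.509 data. Stray text, a private key
# block and a CRLF-terminated block are mixed in on purpose.
make_sample_bundle() {
  {
    echo "subject=CN=constructed-root"
    echo "-----BEGIN CERTIFICATE-----"
    printf 'constructed-cert-one' | base64
    echo "-----END CERTIFICATE-----"
    echo "-----BEGIN PRIVATE KEY-----"
    printf 'not-a-certificate' | base64
    echo "-----END PRIVATE KEY-----"
    printf '%s\r\n' "-----BEGIN CERTIFICATE-----"
    printf '%s\r\n' "$(printf 'constructed-cert-two' | base64)"
    printf '%s\r\n' "-----END CERTIFICATE-----"
  } > "$1"
}

# When called with a file argument, list that bundle's fingerprints.
if [ "$#" -ge 1 ]; then pem_fingerprints "$1"; fi
```

The index in the first column matches the -N suffix the import script gives each alias. keytool -list prints the same SHA-256 digest as colon-separated uppercase hex, so the two can be compared after import.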