DZone
Thanks for visiting DZone today,
Edit Profile
  • Manage Email Subscriptions
  • How to Post to DZone
  • Article Submission Guidelines
Sign Out View Profile
  • Post an Article
  • Manage My Drafts
Over 2 million developers have joined DZone.
Log In / Join
Please enter at least three characters to search
Refcards Trend Reports
Events Video Library
Refcards
Trend Reports

Events

View Events Video Library

Zones

Culture and Methodologies Agile Career Development Methodologies Team Management
Data Engineering AI/ML Big Data Data Databases IoT
Software Design and Architecture Cloud Architecture Containers Integration Microservices Performance Security
Coding Frameworks Java JavaScript Languages Tools
Testing, Deployment, and Maintenance Deployment DevOps and CI/CD Maintenance Monitoring and Observability Testing, Tools, and Frameworks
Culture and Methodologies
Agile Career Development Methodologies Team Management
Data Engineering
AI/ML Big Data Data Databases IoT
Software Design and Architecture
Cloud Architecture Containers Integration Microservices Performance Security
Coding
Frameworks Java JavaScript Languages Tools
Testing, Deployment, and Maintenance
Deployment DevOps and CI/CD Maintenance Monitoring and Observability Testing, Tools, and Frameworks

The software you build is only as secure as the code that powers it. Learn how malicious code creeps into your software supply chain.

Apache Cassandra combines the benefits of major NoSQL databases to support data management needs not covered by traditional RDBMS vendors.

Generative AI has transformed nearly every industry. How can you leverage GenAI to improve your productivity and efficiency?

Modernize your data layer. Learn how to design cloud-native database architectures to meet the evolving demands of AI and GenAI workloads.

Trending

  • How To Develop a Truly Performant Mobile Application in 2025: A Case for Android
  • Concourse CI/CD Pipeline: Webhook Triggers
  • GitHub Copilot's New AI Coding Agent Saves Developers Time – And Requires Their Oversight
  • Building an AI/ML Data Lake With Apache Iceberg
  1. DZone
  2. Software Design and Architecture
  3. Containers
  4. How to Create a KeyStore in PKCS12 Format

How to Create a KeyStore in PKCS12 Format

In this article, we continue our series on SSL certificates, by introducing the PKCS12 Format and how to use it to create a KeyStore in OpenSSL.

By 
Rishabh Verma user avatar
Rishabh Verma
·
May. 05, 17 · Tutorial
Likes (3)
Comment
Save
Tweet
Share
89.8K Views

Join the DZone community and get the full member experience.

Join For Free

In my last post, I explained how to create a self-signed SSL certificate. You can go to the previous article and generate the certificate and private key as we'll be needing it for creating a KeyStore.

In this article, I'll be explaining how one can create a KeyStore in PKCS12 Format using OpenSSL.

Let's start with "What is PKCS12 Format ?"

A PKCS12(Public-Key Cryptography Standards) defines an archive-file format for storing server certificates, intermediate certificate if any, and private key into a single encryptable file.

Now, let's see how we can create a KeyStore.

For generating a KeyStore, one should already have an existing private key and certificate (self-signed or signed by CA). The following are the steps required for creating a KeyStore:

->Step 1: Create private key and certificate.

After Step 1, you'll  have a key (server.key), a CSR (server.csr), and a certificate (server.crt). We'll be using server.key and server.crt files in our next step.

->Step 2: Create a .pem file. Run the following commands from your terminal:

  • cat server.key > server.pem 
  • cat server.crt >> server.pem 

"A .pem (Privacy Enhanced Mail) file is a container format that may just include the public certificate or the entire certificate chain (private key, public key, root certificates)."

The existing key and the certificate would be there in your server.pem file. The Structure of .pem file looks like this:

-----BEGIN RSA PRIVATE KEY-----
(Private Key: domain_name.key contents)
-----END RSA PRIVATE KEY-----
-----BEGIN CERTIFICATE-----
(Primary SSL certificate: domain_name.crt contents)
 -----END CERTIFICATE-----

-> Step 3: Create .pkcs12 file.

  • openssl pkcs12 -export -in server.pem -out keystore.pkcs12 

This command will generate the KeyStore with the name keystore.pkcs12. You can use the KeyStore for configuring your server.

So this is how we can generate a KeyStore in PKCS12.

Enjoy :)

Container format (computing)

Published at DZone with permission of Rishabh Verma, DZone MVB. See the original article here.

Opinions expressed by DZone contributors are their own.

Partner Resources

×

Comments
Oops! Something Went Wrong

The likes didn't load as expected. Please refresh the page and try again.

ABOUT US

  • About DZone
  • Support and feedback
  • Community research
  • Sitemap

ADVERTISE

  • Advertise with DZone

CONTRIBUTE ON DZONE

  • Article Submission Guidelines
  • Become a Contributor
  • Core Program
  • Visit the Writers' Zone

LEGAL

  • Terms of Service
  • Privacy Policy

CONTACT US

  • 3343 Perimeter Hill Drive
  • Suite 100
  • Nashville, TN 37211
  • support@dzone.com

Let's be friends:

Likes
There are no likes...yet! 👀
Be the first to like this post!
It looks like you're not logged in.
Sign in to see who liked this post!