Keytool imports multiple certificates in a single file

How to import multiple certificates into one file using keytool [in certificate store]?

keytool -importcert imports only the first.

+7
3 answers

If you want to enable CA certificates, you must add the -trustcacerts option.

If you have multiple certificate chains in one PEM file, you need to split the file.

+4

A bash script that will import all certificates from a PEM file:

    #!/bin/bash
    PEM_FILE=$1
    PASSWORD=$2
    KEYSTORE=$3

    # number of certs in the PEM file
    CERTS=$(grep 'END CERTIFICATE' "$PEM_FILE" | wc -l)

    # For every cert in the PEM file, extract it and import into the JKS keystore
    # awk command: step 1, if line is in the desired cert, print the line
    #              step 2, increment counter when last line of cert is found
    # (keytool reads the certificate from stdin because no -file is given)
    for N in $(seq 0 $(($CERTS - 1))); do
        ALIAS="${PEM_FILE%.*}-$N"
        awk "n==$N { print }; /END CERTIFICATE/ { n++ }" "$PEM_FILE" | \
            keytool -noprompt -import -trustcacerts \
                -alias "$ALIAS" -keystore "$KEYSTORE" -storepass "$PASSWORD"
    done

For example:

 ./jks_import_pem TrustedCAs.PEM changeit truststore.jks 
+8

I wanted to do the same, but apparently this is only possible if you import the key:

There are two types of records - key records and trusted certificate records, and only a key record can contain a "chain" of certificates attached to it. Trusted certificate entries are all certificate entries.

( https://www.java.net/node/674524#comment-709695 )

I even tried converting to PKCS#7 at the beginning, but it didn’t work due to the above reason or because my version of keytool was too old.

Therefore, at first it was necessary to split the file into separate certificates:

    # Write each certificate block to its own file: cert.pem, cert1.pem, cert2.pem, ...
    # (n is unset while the first certificate is printed, so the first file has no number)
    awk 'split_after==1 {n++; split_after=0}
         /-----END CERTIFICATE-----/ {split_after=1}
         {print > ("cert" n ".pem")}' certchain.pem

( https://serverfault.com/q/391396/58568 )

Then import each separately.

+1
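The following script combines the two steps the answers above describe, splitting the PEM bundle and importing each piece as a trusted entry. It is an added example written for this page, not code from any of the answers or from the keytool project. Compared with the loops above it handles two things that commonly break a split in practice: text between the certificate blocks (the "Bag Attributes" and "subject=" lines that openssl pkcs12 emits) and CRLF line endings. It also hands the keystore password to keytool through the environment with keytool's documented -storepass:env modifier rather than on the command line, where it would be visible in the process list. The function names split_pem, import_pem_to_jks and write_sample_bundle, the KEYTOOL override variable and the contents of the sample bundle are this example's own assumptions; the three "certificates" in the sample are constructed placeholders, not real certificates.

```shell
#!/bin/sh
# Added example (not from the original answers): split a PEM bundle into one
# file per certificate and import each as a trusted entry with keytool.
# Assumed names: split_pem, import_pem_to_jks, write_sample_bundle, KEYTOOL.

# Write the certificate blocks of "$1" to "$2/cert-N.pem" (N = 1, 2, ...) and
# print how many were written. Anything outside the BEGIN/END CERTIFICATE
# markers (e.g. "Bag Attributes" lines from openssl pkcs12) is dropped, and
# CRLF line endings are normalised so keytool sees clean PEM.
split_pem() {
    pem="$1"
    outdir="$2"
    mkdir -p "$outdir"
    tr -d '\r' < "$pem" | awk -v dir="$outdir" '
        /-----BEGIN CERTIFICATE-----/ { inside = 1; n++; file = dir "/cert-" n ".pem" }
        inside                        { print > file }
        /-----END CERTIFICATE-----/   { inside = 0; close(file) }
        END                           { print n + 0 }
    '
}

# Import every certificate of a bundle into a keystore as a trusted entry.
# Aliases are "<prefix>-N". keytool reads the store password from the
# KEYSTORE_PASS environment variable (-storepass:env), so it never appears in
# `ps` output. KEYTOOL may point at a wrapper instead of the real binary.
# Prints the number of certificates imported.
import_pem_to_jks() {
    pem="$1"
    keystore="$2"
    prefix="${3:-$(basename "${pem%.*}")}"
    workdir=$(mktemp -d) || return 1
    count=$(split_pem "$pem" "$workdir")
    i=1
    while [ "$i" -le "$count" ]; do
        "${KEYTOOL:-keytool}" -importcert -noprompt -trustcacerts \
            -alias "$prefix-$i" -file "$workdir/cert-$i.pem" \
            -keystore "$keystore" -storepass:env KEYSTORE_PASS || return 1
        i=$((i + 1))
    done
    rm -rf "$workdir"
    echo "$count"
}

# Constructed sample bundle: three placeholder "certificates" (not real DER),
# CRLF endings on the first one and openssl-style text between the blocks.
write_sample_bundle() {
    printf 'Bag Attributes\r\n    friendlyName: demo-a\r\n-----BEGIN CERTIFICATE-----\r\nAAAA\r\n-----END CERTIFICATE-----\r\n' > "$1"
    printf 'subject=CN=demo-b\n-----BEGIN CERTIFICATE-----\nBBBB\n-----END CERTIFICATE-----\n' >> "$1"
    printf -- '-----BEGIN CERTIFICATE-----\nCCCC\n-----END CERTIFICATE-----\n' >> "$1"
}

# Usage with the real keytool, after sourcing this file:
#   export KEYSTORE_PASS=changeit
#   import_pem_to_jks TrustedCAs.pem truststore.jks trustedcas
```

Each certificate lands under its own alias (trustedcas-1, trustedcas-2, ...), which is what keytool requires for trusted entries: as the last answer notes, only a key entry can carry a chain, so a bundle of CA certificates always becomes several separate entries. Because the split drops everything outside the markers, a bundle exported with openssl can be fed in unchanged, and the work directory is removed afterwards so no copies of the certificates are left behind.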
