certificate -- keystore issue

We have installed 8.2.2.0. I am trying to configure the certs for https ssl handshake. for that I have created keystore files by using keytool.
1.private_wm82.key
2. csr_wm82.csr
3.wm82.pem
4.wm82.jks
5.certificate_wm82.pfx
Now i tried to import the Certificate into a Java Keystore. by using the command
keytool -import -file wm82.pem -keystore wm82.jks -alias mykey -trustcacerts
it was added to keystore. but the issue is when i run the below command i got error
command: java org.mortbay.jetty.security.PKCS12Import certificate_wm82.pfx wm82.jks
error: Exception in thread “main” java.io.IOException: Invalid keystore format
at sun.security.provider.JavaKeyStore.engineLoad(JavaKeyStore.java:633)
at sun.security.provider.JavaKeyStore$JKS.engineLoad(JavaKeyStore.java:38)
at java.security.KeyStore.load(KeyStore.java:1185)
at org.mortbay.jetty.security.PKCS12Import.main(PKCS12Import.java:97)

Please help me out in this.

Thanks in Advance,
Noor Shaik

Have you tried using these UI tool?

http://code.google.com/p/keytool-iui/

use the keytool java command line it lives under the jvm bin. There is also a gui tool called portecle but command line is simple. You can make jks and/or pcks12 both supported in IS 8.x. With pcks12 it will also be easier to import x509 certs into Windows Servers.
+1 on the comments to include the .jks file in the path.

OR

If you want to replace keytool with a GUI tool then you can also use CERTivity.
http://www.edulib.com/products/keystores-manager/

CERTivity aims at making it easier to manage digital security-related assets from any source.

In addition to tools mentioned by rmg, KeyStore Explorer (which was basis for portecle a few years back) is a good tool. It can handle old-format IS keys.

I erased my post sorry. I’ve read to quickly the previous posts.

no worries! :smiley:

Do you have openssl available to you? If so this can be done fairly simply with something like this:

openssl pkcs12 -export -in wmprd_company_com.cer -out wmprd.company.com.keystore.p12 -name “wmprd_company_com” -certfile chain.cer -inkey privkey.pem

where chain.cer is: cat entrust_l1c.cer entrust_ca.cer > chain.cer

Hi Noor,

As our experts already mentioned above, keytool command line does not support .pem format. So you can use openssl for this.

-Niteesh