how to add/convert certificate file into pkcs12 file

Question

I have received the three certificates(.CER files) to access the production server. How I am going to add/convert these certificates into PKCS12 file.

Answer 1

First export your certificates to a keystore and then import the keystore as a pkcs12 file. If you jave java installed you can use keytool command to accomplish both.

1) /jre/bin/keytool -importcert -alias cert1 -keystore keystore.jks -file Cert1.cer
2) /jre/bin/keytool -importkeystore -srckeystore keystore.jks -srcalias cert1 -destkeystore keystore.p12 -deststoretype PKCS12

Similar steps can be done using openssl too.

Answer 2

I got the same error and when it say's 'Do you want to quit the import process? [no]:' keep typing 'no'. It finally said: Import command completed: 1 entries successfully imported, 2 entries failed or cancelled.

It worked and all my certs were imported into the new format correctly.

Answer 3

I just used a older version of keytool executable and the issue was resolved.

Answer 4

the server on which you sign your certification $(hostname -f).pem should have the same java version as the nodes you plan to import cert like the following:

$JAVA_HOME/bin/keytool -importcert -alias $(hostname -f) -file /opt/cloudera/security/pki/$(hostname -f).pem -keystore /opt/cloudera/security/pki/$(hostname -f).jks

if you take lower version on the server to sign your certification but you take new java version on the nodes for TLS/SSL, you will see the warning.