2

I would like to make my Liberty application connect to the Bluemix Secure Gateway's destination with TLS Mutual Auth. I tried to create a key store and import a cert and a secret key into the key store with keytool, but I don't know the keyalias of the secret key. I can't execute the command which imports the secret key into the key store. (The cert and the secret key were provided by Bluemix Secure Gateway's destination with TLS Mutual Auth (*).)

*Bluemix Secure Gateway
https://www.ng.bluemix.net/docs/services/SecureGateway/index.html

Could you teach me how to find the keyalias of the secret key? Or could you teach me any other way with keytool (not Java code) to create a keystore and import the secret key and cert, other than the following procedure?

[the files provided by Bluemix Secure Gateway's destination]
destination_id_key.pem
destination_id_cert.pem

[procedure]

  1. create a key store and import the cert into the key store at once
    # keytool -import -file *destination_id*_cert.pem -keystore myKeyStore.jks -storepass password -alias mutual_cert

  2. import the secret key into the key store
    # keytool -importseckey -keyalias XXXXX -keystore myKeyStore.jks -storepass password -storetype jks -importfile *destination_id*_cert.pem
Vasil Lukach
shimac-jp

2 Answers

3

As far as I'm aware, the alias value is a name that you set to identify that particular key within your own keystore. The key/cert does not have its own alias, so it's completely up to you what alias to use. Later if you need to remove that key/cert, or perform some other action on it, then you use your custom alias in the command. So you can just do something like this:

# keytool -importcert -alias myCustomAlias -file *destination_id*_cert.pem -keystore myKeyStore.jks -storepass password -storetype jks

Afterwards, use the command keytool -list -keystore myKeyStore.jks to see a list of your keys/certs. Each entry will be listed under the alias that you chose for that key/cert, e.g.:

myCustomAlias, 01-Jul-2015, trustedCertEntry,
Certificate fingerprint (SHA1): AA:BB:CC:DD:EE:FF:11:22:33:44:55:66:77:88:99:00:AA:BB:CC:DD

Note: -importseckey, -keyalias and -importfile that you have used in your example command are not valid options for keytool. -importcert, -alias and -file are the correct option names, but they may just have been typos on your part when creating the question.

Brian Gleeson - IBM
0

There is an example using openssl in the documentation to create a key store using the destination cert and key.

https://www.ng.bluemix.net/docs/services/SecureGateway/sg_023.html#sg_007

Alex Yurkowski
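The openssl route the second answer points to, sketched as an added example (not from the original posts or the Secure Gateway documentation): bundle the key and certificate into PKCS#12 under an alias you choose, then convert that to JKS with keytool so the store holds a private-key entry rather than only a trusted certificate. The function names, the alias `mutual_key` and the `KS_PASS` variable are assumptions made for illustration.

```sh
#!/bin/sh
# Added example. Passwords are taken from an environment variable (named by
# the last argument) so the password value never appears in a command line.

# pem_to_pkcs12 KEY_PEM CERT_PEM OUT_P12 ALIAS PASS_ENV_VAR
pem_to_pkcs12() {
  # Refuse to bundle a private key that does not belong to the certificate.
  kpub=$(openssl pkey -in "$1" -pubout 2>/dev/null) || return 2
  cpub=$(openssl x509 -in "$2" -noout -pubkey 2>/dev/null) || return 2
  [ "$kpub" = "$cpub" ] || { echo "key and certificate do not match" >&2; return 3; }
  # -name is the alias keytool will show for the resulting entry.
  (umask 077; openssl pkcs12 -export -inkey "$1" -in "$2" \
      -name "$4" -out "$3" -passout "env:$5")
}

# pkcs12_to_jks IN_P12 OUT_JKS PASS_ENV_VAR   (JKS needs a 6+ character password)
pkcs12_to_jks() {
  keytool -importkeystore -noprompt \
    -srckeystore "$1" -srcstoretype PKCS12 -srcstorepass:env "$3" \
    -destkeystore "$2" -deststoretype JKS -deststorepass:env "$3"
}

# demo: a constructed self-signed pair stands in for destination_id_key.pem and
# destination_id_cert.pem; the alias and password are made up for the example.
demo() {
  d=$(mktemp -d) || return 1
  KS_PASS='constructed-demo-pass'; export KS_PASS
  openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=constructed-demo" \
    -keyout "$d/key.pem" -out "$d/cert.pem" 2>/dev/null || return 1
  pem_to_pkcs12 "$d/key.pem" "$d/cert.pem" "$d/client.p12" mutual_key KS_PASS || return 1
  if command -v keytool >/dev/null 2>&1; then
    # The entry is listed as PrivateKeyEntry, not trustedCertEntry.
    pkcs12_to_jks "$d/client.p12" "$d/myKeyStore.jks" KS_PASS &&
      keytool -list -keystore "$d/myKeyStore.jks" -storepass:env KS_PASS
  fi
  rm -rf "$d"
}

if [ "${1:-}" = "demo" ]; then demo; fi
```

Run the script with the argument `demo` to exercise both steps on the throwaway pair; with the real files, call the two functions with the destination's key and certificate paths instead.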