Add certificates to KeyStore and Verify
The key to adding the certs is associating them with the keys
Commands:
keytool -importcert -alias simple-cert -keystore letsencrypt.jks -storepass test12345 -file .\jks-simple-cert-with-chain.cer
keytool -importcert -alias san-cert -keystore letsencrypt.jks -storepass test12345 -file .\jks-san-cert-with-chain.cer
You may get a message like this
You can say yes to force the keytool to accept the certificate however there is a different ways of also dealing with this error
We can download the Let's Encrypt X3 Intermediate and add it to the store using the following command
keytool -import -trustcacerts -alias LE_INTERMEDIATE -file .\LE_INTERMEDIATE_X3_IDENT.cer -keystore .\letsencrypt.jks -storepass test12345
If we run the commands again we will not get warnings as the intermediate is in the keystore.
Note: even though the intermediates are in the certificate files they are not trusted by the keystore until the intermediate certificate is in the store.
Lets have a look at the JKS using the KeyStore Explorer
simple-cert
san-cert
As we can see the certificates are associated with the private keys.