Tutorial - Java KeyStores (JKS) With Let's Encrypt

Add certificates to KeyStore and Verify

The key to adding the certificates is associating them with their private keys, so each import uses the alias of the matching key entry.


keytool -importcert -alias simple-cert -keystore letsencrypt.jks -storepass test12345 -file .\jks-simple-cert-with-chain.cer
keytool -importcert -alias san-cert -keystore letsencrypt.jks -storepass test12345 -file .\jks-san-cert-with-chain.cer

You may get a message like this

You can answer yes to force keytool to accept the certificate; however, there is another way of dealing with this error.

We can download the Let's Encrypt X3 Intermediate and add it to the store using the following command:

keytool -import -trustcacerts -alias LE_INTERMEDIATE -file .\LE_INTERMEDIATE_X3_IDENT.cer -keystore .\letsencrypt.jks -storepass test12345

If we run the import commands again, we will not get warnings, as the intermediate is now in the keystore.

Note: even though the intermediates are in the certificate files, they are not trusted by the keystore until the intermediate certificate is in the store.

Let's have a look at the JKS using the KeyStore Explorer.



As we can see, the certificates are associated with the private keys.
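The same association can be checked from the command line by parsing `keytool -list -v` output. The PowerShell below is an added example, not part of the original tutorial: the function names, the constructed sample output and the rule that a healthy entry has at least two chain certificates are assumptions of this example.

```powershell
# Added example. Parses the text printed by `keytool -list -v`
# (field labels as printed by an English-locale JDK).
function Get-KeystoreEntry {
    param([string[]]$Lines)
    $entries = @()
    $current = $null
    foreach ($line in $Lines) {
        if ($line -match '^Alias name:\s*(.+)$') {
            $current = [pscustomobject]@{ Alias = $Matches[1].Trim(); EntryType = ''; ChainLength = 0 }
            $entries += $current
        } elseif ($current -and $line -match '^Entry type:\s*(\S+)') {
            $current.EntryType = $Matches[1]
        } elseif ($current -and $line -match '^Certificate chain length:\s*(\d+)') {
            $current.ChainLength = [int]$Matches[1]
        }
    }
    return $entries
}

# A certificate is tied to its key only when the alias is a PrivateKeyEntry.
# Requiring 2+ chain certificates (leaf + intermediate) is this example's assumption.
function Test-KeyEntry {
    param([object[]]$Entries, [string]$Alias)
    $e = $Entries | Where-Object { $_.Alias -eq $Alias } | Select-Object -First 1
    if (-not $e) { return "${Alias}: MISSING" }
    if ($e.EntryType -ne 'PrivateKeyEntry') { return "${Alias}: FAIL ($($e.EntryType), no private key attached)" }
    if ($e.ChainLength -lt 2) { return "${Alias}: FAIL (chain length $($e.ChainLength))" }
    return "${Alias}: OK (PrivateKeyEntry, chain length $($e.ChainLength))"
}

# Constructed sample output, trimmed to the fields the parser reads.
# san-cert shows the failure case: imported under an alias with no key entry.
$sample = @'
Alias name: simple-cert
Entry type: PrivateKeyEntry
Certificate chain length: 2
Alias name: san-cert
Entry type: trustedCertEntry
Alias name: le_intermediate
Entry type: trustedCertEntry
'@ -split "`r?`n"

# Against the real store, replace $sample with:
#   $sample = & keytool -list -v -keystore .\letsencrypt.jks -storepass test12345
$entries = Get-KeystoreEntry -Lines $sample
'simple-cert', 'san-cert' | ForEach-Object { Test-KeyEntry -Entries $entries -Alias $_ }
```

An alias reported as `trustedCertEntry` means the import created a standalone trusted certificate instead of attaching the chain to a key, which is the mismatch this section is about avoiding.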