> > Google words like:
> > "import openssl private key into keytool"
> >
> > Find results like:
> > http://stackoverflow.com/questions/906402/importing-an-existing-x509-certificate-and-private-key-in-java-keystore-to-use-i/8224863#8224863

I wasted 4-5 hours of my life recently importing an OpenSSL key in a PEM into a Cassandra keystore using exactly that article as a starting point (the server's hostname already had a certificate and key in our ops CA, and for various reasons we didn't want to revoke and reissue it).
Even when you get the key imported, keytool will then frequently refuse to pair that key entry with the certificate when you import the certificate...and it will instead store the certificate in a new keystore entry. Which won't work because the alias names on the keystore entries for the key and certificate will be different (you need one entry storing both key and certificate). I did _finally_ get it to work but I can't tell you how I did it...it was a lot of manually editing PEM files, converting them to DERs and then trying every possible combination of keytool import flags.

-J
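
One way to end up with the single entry the message above calls for (key and certificate under one alias) is to bundle both into PKCS#12 with openssl and have keytool import that bundle. This is an added example, not part of the original message; the file names, the alias `node1` and the password `changeit` are placeholders, and the key and certificate are generated as throwaway test data.

```shell
#!/bin/sh
# Added example. File names, alias "node1" and password "changeit" are
# placeholders; the key and certificate are throwaway test data.
# Passwords on the command line are visible in the process list: demo only.

# True only if CERT carries the public key that belongs to KEY.
pair_matches() (   # pair_matches KEY.pem CERT.pem
  k=$(openssl pkey -in "$1" -pubout 2>/dev/null) || exit 1
  c=$(openssl x509 -in "$2" -noout -pubkey 2>/dev/null) || exit 1
  [ -n "$k" ] && [ "$k" = "$c" ]
)

# Put key and certificate into ONE PKCS#12 entry under ALIAS.
bundle_p12() {     # bundle_p12 KEY.pem CERT.pem OUT.p12 ALIAS PASS
  pair_matches "$1" "$2" || { echo "key/certificate mismatch" >&2; return 1; }
  openssl pkcs12 -export -inkey "$1" -in "$2" -name "$4" \
    -out "$3" -passout "pass:$5"
}

# Copy that entry into a Java keystore, keeping the alias.
import_to_keystore() {  # import_to_keystore IN.p12 OUT.jks ALIAS PASS
  keytool -importkeystore -noprompt \
    -srckeystore "$1" -srcstoretype PKCS12 -srcstorepass "$4" -srcalias "$3" \
    -destkeystore "$2" -deststorepass "$4" -destalias "$3"
}

# A usable server entry lists as PrivateKeyEntry, not trustedCertEntry.
is_private_key_entry() {  # is_private_key_entry STORE ALIAS PASS
  keytool -list -keystore "$1" -storepass "$3" -alias "$2" | grep -q PrivateKeyEntry
}

# Generates a constructed self-signed pair and runs the whole path.
demo() {
  d=$(mktemp -d) || return 1
  openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=node1.example.test" \
    -keyout "$d/key.pem" -out "$d/cert.pem" 2>/dev/null || return 1
  bundle_p12 "$d/key.pem" "$d/cert.pem" "$d/node1.p12" node1 changeit || return 1
  import_to_keystore "$d/node1.p12" "$d/node1.jks" node1 changeit || return 1
  is_private_key_entry "$d/node1.jks" node1 changeit && echo "ok: $d/node1.jks"
}

if [ "${1:-}" = demo ]; then demo; fi
```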