OpenSSL is an open source software library that provides the
pkcs12 command for generating PKCS#12 files from a private key and a certificate.
The private key and certificate must be in Privacy Enhanced Mail (PEM) format (for example, base64-encoded with
----BEGIN CERTIFICATE---- and
----END CERTIFICATE---- headers and footers).
Use the following OpenSSL commands to create a PKCS#12 file from your private key and certificate. If you have one certificate, use the CA root certificate.
openssl pkcs12 -export -in <signed_cert_filename> -inkey <private_key_filename> -name ‘tomcat’ -out keystore.p12
If you have a chain of certificates, combine the certificates into a single file and use it for the input file, as shown below. The order of certificates must be from server certificate to the CA root certificate.
See RFC 2246 section 7.4.2 for more information about this order.
cat <signed_cert_filename> <intermediate.cert> [<intermediate2.cert>] > cert-chain.txt
openssl pkcs12 -export -in cert-chain.txt -inkey <private_key_filename> -name ‘tomcat’ -out keystore.p12
When prompted, provide a password for the new keystore. This password is required for importing the keystore into the Web Help Desk Java keystore.