Requirement : Create JKS keystore and truststore out of certificate and private key files given in pem format.

Try to open the certificate and key files and it contains ASCII text that starts with —–BEGIN CERTIFICATE—–, then it is in PEM format.

Using keytool in java, when a keystore is created it already has the private key in it. Keytool does not allow us to import a private key into a keystore. Thus we need to use OpenSSL for this but OpenSSL creates the keystore in pkcs12 format. So we use jetty to convert our pkcs12 into jks format.

OpenSSL for Windows is available from http://www.slproweb.com/products/Win32OpenSSL.html.

Keystore to be created : keystore.pkcs12, Certificate File : test.cert.pem, PrivateKey File : test.key.pem.
openssl pkcs12 -export -out keystore.pkcs12 -in test.cert.pem -inkey test.key.pem
Enter the appropriate password. Now using jetty we can convert the pkcs12 keystore into jks keystore (keystore.jks).
java -cp c:\jetty\lib\jetty-6.1.1.jar org.mortbay.jetty.security.PKCS12Import keystore.pkcs12 keystore.jks

Now to create truststore file.
keytool -import -alias test -file test.cert.pem -keystore truststore

where truststore is the new TrustStore in jks format. You can import as many other certificates as you need to trust into the truststore. Give the password and type y when asked trust the certificate.