How to import an existing X.509 certificate and private key in Java keystore to use in SSL?

Question

I have this in an ActiveMQ config:

<sslContext>

        <sslContext keyStore="file:/home/alex/work/amq/broker.ks"  

 keyStorePassword="password" trustStore="file:${activemq.base}/conf/broker.ts" 

 trustStorePassword="password"/>

</sslContext>

I have a pair of X.509 cert and a key file.

How do I import those two in order to use them in SSL and SSL+stomp connectors? All examples I could google always generate the key themselves, but I already have a key.

I have tried

keytool -import  -keystore ./broker.ks -file mycert.crt

but this only imports the certificate and not the key file and results in

2009-05-25 13:16:24,270 [localhost:61612] ERROR TransportConnector - Could not accept connection : No available certificate or key corresponds to the SSL cipher suites which are enabled.

I have tried concatenating the cert and the key but got the same result.

How do I import the key?

Answer 1

Accept or not, keytool does not implement such fundamental functionality like introducing private key to keystore. You can examine this workaround with joining PKSC12 file with private key to a keystore.

Or just use added user-friendly KeyMan from IBM for keystore treatment rather of keytool.exe.