Wildcard SSL Certs

For a long time, I have been trying to figure out how to import a wildcard SSL cert into my keystore. Making matters a bit more difficult is the fact that I had to use a key which was generated externally. Keytool will not import keys.

So, after searching, I found a script which will create an OpenSSL PKCS12 keystore, import the key file and certificate, and then convert the keystore into JKS format.

The location of this Unix shell script is http://blogs.warwick.ac.uk/kieranshaw/entry/creating_a_java/ .

Note: I found adding the following import statements to the KeystoreKeyImporter.java file made it functional on my Linux box:

import java.security.cert.Certificate;

import java.security.*;

import java.io.*;

import java.util.*;

After running the script, you may need to generate a DSA key so that some clients (Gaim) can connect to the server. This can be accomplished by running the following command on the resultant keystore from above:

keytool -genkey -keyalg dsa -keystore <keystore-file>

I hope this provides some help to anyone having trouble importing a wildcard cert into their keystore.
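The same PKCS12-then-JKS route done with only openssl and keytool -importkeystore, as an added example that is not part of the original post or the linked script. The function names, file names, the alias and the KS_PASS variable are assumptions, and the sample key and certificate are constructed.

```shell
#!/bin/sh
# Added example (not the linked script). Assumes an unencrypted PEM key and
# the keystore password exported as KS_PASS, which keeps it out of argv.

# Succeed only if the key and the certificate hold the same public key.
key_matches_cert() {  # key.pem cert.pem
    pub_k=$(openssl pkey -in "$1" -pubout 2>/dev/null) || return 1
    pub_c=$(openssl x509 -in "$2" -noout -pubkey 2>/dev/null) || return 1
    [ -n "$pub_k" ] && [ "$pub_k" = "$pub_c" ]
}

# Bundle key + certificate into a PKCS12 keystore under the given alias.
make_p12() {  # key.pem cert.pem out.p12 alias
    key_matches_cert "$1" "$2" || { echo "key does not match cert" >&2; return 1; }
    openssl pkcs12 -export -inkey "$1" -in "$2" -name "$4" \
        -out "$3" -passout env:KS_PASS
}

# Print the subject of the certificate stored in a PKCS12 file.
p12_subject() {  # in.p12
    openssl pkcs12 -in "$1" -nokeys -passin env:KS_PASS 2>/dev/null |
        openssl x509 -noout -subject
}

# Convert the PKCS12 keystore to JKS with the JDK's keytool.
p12_to_jks() {  # in.p12 out.jks
    keytool -importkeystore -noprompt \
        -srckeystore "$1" -srcstoretype PKCS12 -srcstorepass:env KS_PASS \
        -destkeystore "$2" -deststoretype JKS -deststorepass:env KS_PASS
}

# Constructed sample input: throwaway key and self-signed wildcard cert.
make_sample() {  # dir
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
        -subj "/CN=*.example.test" \
        -keyout "$1/wild.key" -out "$1/wild.crt" 2>/dev/null
}

if [ "${1:-}" = "--demo" ]; then
    dir=$(mktemp -d) && KS_PASS=changeit && export KS_PASS
    make_sample "$dir" && make_p12 "$dir/wild.key" "$dir/wild.crt" "$dir/ks.p12" wildcard
    p12_subject "$dir/ks.p12"
    if command -v keytool >/dev/null; then p12_to_jks "$dir/ks.p12" "$dir/ks.jks"; fi
    rm -rf "$dir"
fi
```

A CA-issued wildcard certificate usually also needs its intermediate certificates in the bundle, which openssl pkcs12 -export takes through -certfile.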

Thank you thank you thank you!

This worked wonderfully for us. This should be cleaned up and put into the official support documentation!