First, before buying a certificate you need to create a CSR (Certificate Signing Reqest) which is to be given for buying one. So for that you need to create a private key with in the server. This private key is not supposed to be shared to any one, but you need to create one before generating the CSR.
Follow the below steps.
Generating Keystore file
Run Command
keytool -genkey -alias keyalias -keyalg RSA -keysize 2048 -keystore domain.keystore
This will create a keystore named domain.keystore . You need to replace the domain name with yours. When asked for name and other details, you need to enter domain name for name. If its wild card certificate you need to enter *.domainname as name
Creating CSR
Run Command
keytool -certreq -keyalg RSA -alias keyalias -file csr.txt -keystore domain.keystore
This will create file named csr.txt which needs to shared to purchase the SSL certificate.
Once you got the SSL certificate purchased from the certificate provider follow the below steps.
Installing Root and Intermediate certicates
Most of the SSL providers will share root and intermediatory certificates along with the main certificate. You need to install it one by one starting from ROOT.
Run command
keytool -import -keystore domain.keystore -alias root -file domainroot.ca-bundle
Here the file name domainroot.ca-bundle is the roor file
For intermediate file run command
keytool -import -keystore domain.keystore -alias intrim -file intrimca.crt
Here the file name intrimca.crt is the intermediate file
For installing main certificate run the below command.
keytool -import -keystore domain.keystore -alias keyalias -trustcacerts -file domain.crt
Here the file name domain.crt is the main certificate file. Here the most important thing to note is, you need to use the same alias name used when generating the keystore file in the first step. In the example its keyalias
Hope this information helps people who try to find how to install SSL to a keystore file.
