Import Individual Certificates into your Keystore

Use this procedure if certificates (the CA-signed server certificate, intermediate certificates, and the CA root certificate) are obtained as individual certificates instead of in a single PKCS#7 (*.p7b) file. This procedure uses a series of Java keytool commands to import these certificates into an existing keystore. Use the order of import as shown in the procedure: import the root CA first, then any required intermediate certificates, and finally, the CA-signed server certificate.

NOTE:If your certificate was provided within a p7b package, you do not need to import each certificate separately. Instead, use the procedure described in Import Certificates from a p7b package into your Java Keystore.

Before you begin

Obtain a server certificate for your server signed by a Certificate Authority.
Obtain the trusted root CA certificate for the Certificate Authority and any required intermediate certificates.
You need to know the keystore name, password, and alias you used when you created the keystore.

To import certificates into your Java keystore

Add the root CA certificate (CAcert.cer in this example) to the Java keystore that you generated when you created your private key (newkeystore.jks in this example). Use a new alias (root in this example). For example:
```
keytool -importcert -alias root -file CAcert.cer -keystore newkeystore.jks –storetype JCEKS
```

Add each required intermediate certificate (IntermediateCAcert.cer in this example) to the Java keystore:

keytool -importcert -alias intermediate -trustcacerts -file IntermediateCAcert.cer -keystore newkeystore.jks –storetype JCEKS

Add the CA-signed server certificate (EndEntitycert.cer in this example) to the Java keystore. The alias in this command needs to match the alias you specified when you generated your key pair. For example:
```
keytool -importcert -alias rgateway -trustcacerts -file EndEntitycert.cer -keystore newkeystore.jks –storetype JCEKS
```