Secure Certificates Using Openssl - Axiom

Creating PKCS12 file

If your certificate and private key are separate, you will need to combine them into a pkcs12 wrapper file to be able to import into a Java keystore.

You will need to pass in the private key and the certificate as well as give the output file a name.

#> openssl.exe pkcs12 -inkey www.cccu.org.key -in www.cccu.org.cer -export -out www.cccu.org.pkcs12

If the CA that issued your certificate requires a chain of certificates for authentication (for example, Verisign), you will need to get all the certificates in the chain and add them to the pkcs12 file. If openssl already has the other certificates in the chain installed, you can try to have it pull the chain automatically with the -chain option. If this doesn't work, the command will not succeed, but the pkcs12 file may still be created.

#> openssl.exe pkcs12 -chain -inkey www.cccu.org.key -in www.cccu.org.cer -export -out www.cccu.org.pkcs12

If this option doesn't work, you should get all the certificates in the chain and concatenate them together. To get the other certificates you will have to find them in the certificate manager and export them in x509 (DER) format. Once you have them, arrange them in order going up to the root and concatenate them into one file. Then run the original command with the new chain file in place of the server certificate.

#> cat www.cccu.org.cer intermediate-cert.cer root-cert.cer > cert-chain.txt
#> openssl.exe pkcs12 -inkey www.cccu.org.key -in cert-chain.txt -export -out www.cccu.org.pkcs12
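The following script is an added example, not part of the original page: it builds a throwaway root, intermediate and server certificate, then bundles the server key with its chain into a PKCS12 file both ways described above (a concatenated chain file handed to -in, and the -chain option with the CA certificates made available through -CAfile), and finally checks how many certificates and keys actually landed in the file. It assumes OpenSSL 1.1.1 or later on a POSIX shell (the page's openssl.exe commands take the same arguments); the subject names, domain and export password are constructed for the demo. One caveat the example relies on: the concatenated chain file must be PEM, since DER files cannot simply be joined with cat, so certificates exported in DER format need converting first with openssl x509 -inform DER -outform PEM.

```shell
#!/bin/sh
# Added example, not from the original page: build a demo
# root -> intermediate -> leaf chain, create a PKCS12 bundle
# with the chain the two ways the page describes, and verify
# what the bundle contains. Every name, subject and password
# here is constructed for the demo.
set -eu

WORK="$(mktemp -d)"
trap 'rm -rf "$WORK"' EXIT
P12PASS="demo-export-password"   # constructed; openssl would normally prompt

# Minimal openssl config: an empty DN section (subjects come from -subj)
# plus extension sections for the CA certificates and the server leaf.
cat > "$WORK/demo.cnf" <<'EOF'
[req]
distinguished_name = dn
[dn]
[ca_ext]
basicConstraints = critical, CA:TRUE
keyUsage = critical, keyCertSign, cRLSign
[leaf_ext]
basicConstraints = CA:FALSE
subjectAltName = DNS:www.demo.example
EOF

# Create root.cer, int.cer and leaf.cer (plus keys) in $WORK, all PEM.
make_demo_chain() (
    cd "$WORK"
    openssl req -x509 -config demo.cnf -extensions ca_ext -days 2 \
        -newkey rsa:2048 -nodes -keyout root.key -out root.cer \
        -subj "/CN=Demo Root CA" 2>/dev/null
    openssl req -new -config demo.cnf -newkey rsa:2048 -nodes \
        -keyout int.key -out int.csr -subj "/CN=Demo Intermediate CA" 2>/dev/null
    openssl x509 -req -in int.csr -CA root.cer -CAkey root.key -CAcreateserial \
        -days 2 -extfile demo.cnf -extensions ca_ext -out int.cer 2>/dev/null
    openssl req -new -config demo.cnf -newkey rsa:2048 -nodes \
        -keyout leaf.key -out leaf.csr -subj "/CN=www.demo.example" 2>/dev/null
    openssl x509 -req -in leaf.csr -CA int.cer -CAkey int.key -CAcreateserial \
        -days 2 -extfile demo.cnf -extensions leaf_ext -out leaf.cer 2>/dev/null
    # Sanity check before bundling: the leaf must verify up to the root.
    openssl verify -CAfile root.cer -untrusted int.cer leaf.cer >/dev/null
)

# Number of certificates inside a PKCS12 file (what a keystore import sees).
p12_cert_count() {
    openssl pkcs12 -in "$1" -nokeys -passin "pass:$P12PASS" 2>/dev/null \
        | grep -c 'BEGIN CERTIFICATE' || true
}

# Number of private keys inside a PKCS12 file; a server bundle has exactly one.
p12_key_count() {
    openssl pkcs12 -in "$1" -nocerts -nodes -passin "pass:$P12PASS" 2>/dev/null \
        | grep -c 'BEGIN.*PRIVATE KEY' || true
}

# Method 1 from the page: concatenate leaf, intermediate, root (leaf first)
# into one PEM file and pass it to -in. openssl pairs the key with the
# matching certificate and stores the others as CA certificates in the bag.
bundle_with_concat() {
    cat "$WORK/leaf.cer" "$WORK/int.cer" "$WORK/root.cer" > "$WORK/cert-chain.pem"
    openssl pkcs12 -export -inkey "$WORK/leaf.key" -in "$WORK/cert-chain.pem" \
        -out "$WORK/manual.p12" -passout "pass:$P12PASS"
    p12_cert_count "$WORK/manual.p12"
}

# Method 2 from the page: -chain makes openssl build the chain itself. It only
# succeeds when the intermediate and root are available to it; here they are
# supplied explicitly with -CAfile instead of relying on the system store.
bundle_with_chain_option() {
    cat "$WORK/int.cer" "$WORK/root.cer" > "$WORK/ca-bundle.pem"
    openssl pkcs12 -export -chain -CAfile "$WORK/ca-bundle.pem" \
        -inkey "$WORK/leaf.key" -in "$WORK/leaf.cer" \
        -out "$WORK/auto.p12" -passout "pass:$P12PASS"
    p12_cert_count "$WORK/auto.p12"
}

make_demo_chain
MANUAL_CERTS="$(bundle_with_concat)"
AUTO_CERTS="$(bundle_with_chain_option)"
KEYS="$(p12_key_count "$WORK/manual.p12")"
# Expected for a complete bundle: 3 certificates either way, 1 private key.
echo "concatenated chain: $MANUAL_CERTS certs; -chain: $AUTO_CERTS certs; keys: $KEYS"
```

The two count functions are the check worth keeping for real bundles: run openssl pkcs12 -in file -nokeys against the file you are about to import and confirm every certificate of the chain is listed, since a bundle that silently lacks the intermediate imports fine but fails TLS handshakes for clients that do not already have it.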


Importing PKCS12 file into keystore

You will need to run a Java class packaged with Jetty to import the pkcs12 file into the keystore. The following command imports your pkcs12 file into the keystore named keystore in the current directory.

#> java -cp lib\jetty.jar;lib\jetty-util.jar org.mortbay.jetty.security.PKCS12Import www.cccu.org.pkcs12 keystore

Resources