SSL/TLS in Java is a pain in the behind. Not only is the setup verbose, but the format for certificates and keys is unique. Nginx/Apache/Go/etc seem to be happy using certifiates and keys encoded as PEM files, but Java has its own special KeyStores, with the JKS format being the default.

There are a number of questions on forums, and custom recipes that involve openssl, to convert PEM certificates and keys into formats that can be imported into a Java keystore. I’ve seen and used a lot of them, and while most have worked they’ve all left me a little disappointed. What I wanted was a solution that would allow me to add X509 certificates and certificate chains, and RSA private keys, to a vanilla JKS file, without a whole bunch of hoops.

I would like to present my solution: PEMtoJKS. It is written in Kotlin because it’s a lovely JVM-based language (and I wanted to play with it). It is able to add either a PEM-encoded X509 certificate, or a PEM-encoded X509 certificate chain & associated PEM-encoded RSA private key, to a new or existing JKS store.

Comments, issues, and feedback, are all appreciated.