Keystore Explorer
Keystore Explorer is a graphical user interface with the same powers as OpenSSL, and used for many certificate conversions. This manual describes the most often used functions, like creating a keypair and CSR, importing your certificate into the keystore, exporting the keypair as PFX or PEM format, and importing a PEM key to convert to PFX.
To start from scratch and with a PFX as end result, please follow the items below;
- Create a new KeyStore
- Generate a Key Pair
- Generate a CSR
- (order your certificate and wait for issuance)
- Import a trusted certificate
- Import the CA certificates
- Export a certificate as PFX
Create a new KeyStore
- From the File menu, choose New. Alternatively click on the New tool bar button.
- The New KeyStore Type dialog is displayed. Select the 'PKCS #12 Public-Key Cryptography Standards #12 KeyStore'. Type using the radio buttons.
- Press the OK button.
- The new KeyStore will appear as an additional Untitled tab.
Generate a Key Pair
- From the Tools menu, choose Generate Key Pair.
- The Generate Key Pair dialog will be displayed. Select the RSA Algorithm and a Key Size of 4096 and press the OK button.
- The Generating Key Pair dialog will be displayed and will remain visible until Key Pair generation has completed.
- The Generate Key Pair Certificate dialog will be displayed.
- Select Version 3 and Signature Algorithm SHA256 and enter a Validity Period, Serial Number and Name.
- Press the OK button.
- The New Key Pair Entry Alias dialog will be displayed.
- Enter the alias name for the new Key Pair entry and press the OK button.
- If required the New Key Pair Entry Password dialog will be displayed. Enter the password with which to protect the new Key Pair entry, confirm it and press the OK button.
- The new Key Pair entry will appear in the KeyStore Entries table.
Generate a CSR
- Right-click on the Key Pair entry in the KeyStore Entries table. Select Generate CSR from the pop-up menu.
- If required the Unlock Entry dialog will be displayed. Enter the Key Pair entry's password and press the OK button.
- The Generate CSR dialog is displayed. Select Format PKCS#10 and Signature Algorithm.
- For PKCS#10 format you can optionally enter a company name (which becomes an "unstructuredName" attribute in the request) and/or add the extensions from the certificate to the request. The latter is useful for SSL certificates with SubjectAlternativeName extensions.
- Use the Browse button to select a CSR File location.
- Press the OK button to commence generation and produce the CSR.
- Be aware that you need the created KeyStore later when the certificate has been issued to import.
Import a trusted certificate
- From the Tools menu, choose Import Trusted Certificate. Alternatively click on the Import Trusted Certificate tool bar button:
- The Import Trusted Certificate dialog will appear.
- Select the drive and folder where the certificate file is stored.
- Click on the required certificate file or type the filename into the File Name text box.
- Click on the Import button.
- The Trusted Certificate Alias dialog will appear.
- Enter the alias of the new Trusted Certificate and press OK.
- The new Trusted Certificate entry will appear in the KeyStore Entries table with the chosen alias.
Import the CA certificates
- Select the visible entry for your trusted certificate.
- Right-click on the entry and select 'Edit chain' and then 'Apend certificate'.
- Select the files in the unzipped ZIP file, from the folder 'Root certificates' to import.
Import key pair
- Create a new keystore.
- Right-click anywhere inside the new keystore.
- Select import key pair.
- Import key pair dialog is displayed.
- Select OpenSSL format from the list.
- If applicable, put in the decryption password. Otherwise uncheck the box 'Encrypted Private Key'.
- Use the browse options to select your key storage file and certificate file.
- The New Key Pair Entry Alias dialog will be displayed.
- Enter the alias name for the new Key Pair entry and press the OK button.
- If required the New Key Pair Entry Password dialog will be displayed. Enter the password with which to protect the new Key Pair entry, confirm it and press the OK button.
- The new Key Pair entry will appear in the KeyStore Entries table.
Export a certificate as PFX
- Right-click on the Trusted Certificate entry in the KeyStore Entries table. Select the Export sub-menu from the pop-up menu and from there choose Export Key Pair.
- Export Certificate dialog is displayed.
- Select PKCS #12 format from the list.
- Check the PEM checkbox if the exported certificate is to be PEM encoded. PEM encoding is not available for PKI Path and SPC format exports.
- Use the Browse button to select an export file.
- Press the Export button to commence the export.
- You have now successfully created a PKCS12 / PFX export of your trusted certificate.
Export private key in PEM format
- Right-click on the Trusted Certificate entry in the KeyStore Entries table. Select the Export sub-menu from the pop-up menu and from there choose Export private key.
- Export dialog is displayed, select OpenSSL and press ok.
- Uncheck the box 'encryption'.
- Use the Browse button to select an export file.
- Press the Export button to commence the export.
- You have now successfully exported a private key in PEM format.
SSLCheck
Our SSLCheck will examine your website's root and intermediate certificates for correctness and report any potential issues