
Add Private Key to Java Keystore


Adds a private key to an existing Java keystore.


<?php

include("chilkat.php");

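// Adds two private key entries to an existing Java keystore (JKS):
//   (1) from a PEM certificate + CA certificate + unencrypted PEM private key, and
//   (2) from a PFX / PKCS#12 file.
//
// This requires the Chilkat API to have been previously unlocked.
// See Global Unlock Sample for sample code.
//
// Every failure path prints the Chilkat error text and terminates with a
// non-zero exit status, so a calling shell script or deployment job can tell
// that the keystore was NOT updated. The error text is diagnostic output meant
// for the operator; do not echo it to untrusted clients.
//
// NOTE(review): JKS is a legacy keystore format; PKCS#12 has been the default
// Java keystore type since Java 9. Prefer PKCS#12 where the consumer allows it.

$jks = new CkJavaKeyStore();

// Placeholder values. In real use, read the keystore password from the
// environment or a secret store instead of committing it to source control.
$jksPassword = 'myJksPassword';
$jksPath = '/someDir/keyStore.jks';

// Load the Java keystore from a file.
$success = $jks->LoadFile($jksPassword,$jksPath);
if (!$success) {
    print $jks->lastErrorText() . "\n";
    exit(1);
}

// A JKS private key entry consists of the private key, its associated
// certificate (which contains the matching public key within the X.509
// of the certificate), and the certificates in the chain of
// authentication to the root.
//
// Therefore, to add a private key entry to a JKS requires
// a Chilkat certificate object that has a private key and which also
// has the certificate chain (up to the root) available.

// There are many ways to get a Chilkat certificate object
// that contains (within it) the private key and the certificate chain.
// This example will show two possibilities:
// (1) Where the cert and issuing root are provided in PEM format in .crt files,
// and the private key is also provided in unencrypted PEM format (.key file).
// (2) Where the cert, private key, and issuing root are provided in a single PFX.

// First for the .crt / .key files:
$cert = new CkCert();

// Chilkat will automatically determine the format of the cert file and load it correctly.
$success = $cert->LoadFromFile('/mycerts/alice.crt');
if (!$success) {
    print $cert->lastErrorText() . "\n";
    exit(1);
}

// Certificates required for building the chain of authentication can be
// added to an XML certificate vault object, and then provided as
// a source for obtaining certs when building the chain.
// Only add CA certificates you actually trust: whatever is placed in the
// vault becomes a candidate for the chain stored with the key entry.
$certVault = new CkXmlCertVault();
$success = $certVault->AddCertFile('/mycerts/ca.crt');
if (!$success) {
    print $certVault->lastErrorText() . "\n";
    exit(1);
}

$success = $cert->UseCertVault($certVault);
if (!$success) {
    print $cert->lastErrorText() . "\n";
    exit(1);
}

// Now provide the associated private key to the certificate object.
// The Chilkat private key class provides methods for loading from many formats (both
// encrypted and unencrypted).
//
// alice.key is an unencrypted PEM file, so anyone who can read that file has
// the key. Restrict its file permissions, and remove or encrypt it once the
// key has been imported into the keystore.
$privKey = new CkPrivateKey();
$success = $privKey->LoadPemFile('/mycerts/alice.key');
if (!$success) {
    print $privKey->lastErrorText() . "\n";
    exit(1);
}

// Provide the certificate object with the private key:
$success = $cert->SetPrivateKey($privKey);
if (!$success) {
    print $cert->lastErrorText() . "\n";
    exit(1);
}

// Our certificate object now contains all that we need to add it as a private key entry
// to the Java keystore.
// The third argument is the password protecting this key entry. The sample
// reuses the keystore password; a distinct per-entry password may be used if
// the consuming Java application is configured for it.
$alias = 'alice';
$success = $jks->AddPrivateKey($cert,$alias,$jksPassword);
if (!$success) {
    print $jks->lastErrorText() . "\n";
    exit(1);
}

// Write the updated JKS, which contains the new private key entry w/ certificate chain.
// This overwrites the file that was loaded above; keep a backup of the original
// keystore if it holds entries that cannot be recreated.
$success = $jks->ToFile($jksPassword,$jksPath);
if (!$success) {
    print $jks->lastErrorText() . "\n";
    exit(1);
}

print 'Added new private key entry (from .crt and .key files) to the JKS!' . "\n";

// Now let's add a new private key entry from a PFX that contains a single
// private key with associated cert and cert chain.
$pfx = new CkPfx();

// 'pfxPassword' is a placeholder; load the real PFX password from the
// environment or a secret store rather than hard-coding it.
$success = $pfx->LoadPfxFile('/myPfxFiles/my.pfx','pfxPassword');
if (!$success) {
    print $pfx->lastErrorText() . "\n";
    exit(1);
}

// This is easy -- simply add the PFX to the JKS
$alias = 'bob';
$success = $jks->AddPfx($pfx,$alias,$jksPassword);
if (!$success) {
    print $jks->lastErrorText() . "\n";
    exit(1);
}

// Write the updated JKS, which contains the new private key entry w/ certificate chain
// that came from the PFX.
$success = $jks->ToFile($jksPassword,$jksPath);
if (!$success) {
    print $jks->lastErrorText() . "\n";
    exit(1);
}

print 'Added new private key entry (from PFX) to the JKS!' . "\n";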

?>