The .jks is not a certificate file but a keystore. You can import the certificate using the keytool
. You should be following the SSL/TLS Configuration HOW-TO in order to understand what you are doing, and why.
Usually you don't get the key from the CA, but create a CSR for them to sign. That way the vendor doesn't have access to your private key, which is an important security measure; despite they have granted you the certificate after validating you own the domain, they won't be able to decrypt your connections.
You can't import the key directly using the keytool
, but you must convert the certificate and the private key into a PKCS 12 file first:
openssl pkcs12 -export -in certificate.crt -inkey private.key -name hostname -out cert-with-the-key.p12
Then, you can import it and the CA bundle:
keytool -importkeystore -deststorepass [password] -destkeystore myserver.jks -srckeystore cert-with-the-key.p12 -srcstoretype PKCS12
keytool -import -alias bundle -trustcacerts -file ca_bundle.crt -keystore myserver.jks