|# input: fullchain.pem and privkey.pem as generated by the "letsencrypt-auto" script when run with|
|# the "auth" aka "certonly" subcommand|
|# convert certificate chain + private key to the PKCS#12 file format|
|openssl pkcs12 -export -out keystore.pkcs12 -in fullchain.pem -inkey privkey.pem|
|# convert PKCS#12 file into Java keystore format|
|keytool -importkeystore -srckeystore keystore.pkcs12 -srcstoretype PKCS12 -destkeystore keystore.jks|
|# don't need the PKCS#12 file anymore|
|# Now use "keystore.jks" as keystore in jetty with the keystore password you specfied when you ran|
|# the "keytool" command|
This is in Jetty's documentation. You'll find it here: http://www.eclipse.org/jetty/documentation/current/configuring-ssl.html#loading-keys-and-certificates. Thanks for posting a succinct example here, though!
Putting the file into a
(The call to
Indeed, this is a feature of modern JDKs; they have deprecated the proprietary JKS-format in favour of PKCS12, so you can use the PKCS12 output from the openssl-step directly.
You can recognise this from your Keytool output; Your Java can handle PKCS12 keystores if your keytool shows the warning: