Creating keystore.p12 from letsencrypt certificate for spring boot projects:

Creating keystore.p12 from letsencrypt certificate for spring boot projects:

Step 1: Stop your server

If your server is nginx then use the below command to stop the server.

sudo service nginx stop


Step 2: Generating new letsencrypt certificate

This is to create the new letsencrypt certificate, if you already have one certificate then skip this step.

./certbot-auto certonly -a standalone \ -d -d -d

here -d takes all this domains for this certificates, meaning the same certificate can be used for and domains and subdomains.

Step 3: Converting letsencrypt to keystore.p12

go to /etc/letsencrypt/live/YOUR-CERTIFICATE-FOLDER/

sudo openssl pkcs12 -export -in fullchain.pem -inkey privkey.pem -out keystore.p12 -name tomcat -CAfile chain.pem -caname root



Step 4: Downloading generated keystore.p12 from server to local

scp -i aws-login.pem ec2-user@aws_ec2_host_name:/etc/letsencrypt/live/ /home/mobaxterm/Desktop/ssl/

here aws-login.pem is a secret file provided by aws to login to their ec2 server.

I used mobaxterm tool to run this scp command and download keystore.p12 from server to local.



Step 5: Placing downloaded keystore.p12 in spring boot project

Now place keystore.p12 in your src/main/resources folder and configure YOUR_SECRET_PASSWORD(should be same like what you have entered while generating the keystore.p12 file) in your spring boot’s file:


1,898 total views, 2 views today

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.