How to create a private key (keypair) entry, then save it in an existing keystore:

Self-signed, DSA private key (keypair) entry

  1. Select task Create DSA private key entry
  2. Fill in the fields
    ==> once all required fields are filled, Action button becomes enabled
  3. Click Action button (located at bottom)
    ==> A dialog shows up, displaying the contents (entries if any) of the keystore
  4. At the bottom of the dialog, enter new alias, enter password, confirm password
  5. Click OK button ==> That's it!

Self-signed, RSA private key (keypair) entry

  1. Select task Create RSA private key entry
  2. Fill in the fields
    ==> once all required fields are filled, Action button (located at bottom) becomes enabled
  3. Click Action button
    ==> A dialog shows up, displaying the contents (entries if any) of the keystore
  4. At the bottom of the dialog, enter new alias, enter password, confirm password
  5. Click OK button ==> Ecco!

Trusted CA, private key (keypair) entry

ie. private key of type RSA.

This is done in 3 steps.

Step 1/3: create private key entry

  1. Select task Create RSA private key entry
  2. Fill in the fields
    ==> once all required fields are filled, Action button becomes enabled
  3. Click Action button
    ==> A dialog shows up, containing the table of all available entries of the selected KeyStore
  4. At the bottom of the dialog, enter new alias, enter password, confirm password
  5. Click OK button

Step 2/3: export CSR

  1. Select task Export certificate from private key entry as CSR file
  2. Fill in the fields
    ==> once all required fields are filled, Action button becomes enabled
  3. Click Action button
    ==> A dialog shows up, containing the table of all available entries of the selected KeyStore
  4. Select the alias pointing to the right private key (the one that was created in step 1/3), enter the respective password
  5. Click OK button
    ==> This will generate a CSR file in PKCS#10 format. Submit this file to your CA (look for a CA that provides code signing certificate).

Step 3/3: import trusted certificate

Once your trusted certificate has been approved by the CA, you should receive it in PKCS#7 format (otherwise convert the one you get).
  1. Select task Import CA certificate reply to private key entry
  2. Fill in the fields
    ==> once all required fields are filled, Action button becomes enabled
  3. Click Action button
    ==> A dialog shows up, containing the table of all available entries of the selected KeyStore
  4. Select the alias pointing to the right private key entry (the one that was created in step 1/3, and used in step 2/3), enter the respective password
  5. Click OK button
    ==> This will import your trusted CA in the respective private key entry.

From private key located in another keystore

  1. Select task Import private key entry from private key in other keystore
  2. Fill in the fields
    ==> once all required fields are filled, Action button becomes enabled
  3. Click Action button
    ==> A dialog shows up, containing the table of all available entries of the selected keystore source
  4. Select an alias,
  5. If keystore source is not of type PKCS12, enter the respective password
  6. Click OK button
    ==> Another dialog shows up, containing the table of all available entries in the selected keystore target.
  7. Enter new alias,
  8. If keystore target is not of type PKCS12, enter new password, confirm new password
  9. Click OK button
    ==> Et voila!