A user might create a private key using another tool and want to use it in Java. Now one has to use openssl to create a pkcs12 file. See https://stackoverflow.com/questions/906402/how-to-import-an-existing-x509-certificate-and-private-key-in-java-keystore-to-u. It will be nice if keytool can directly import a private key (along with its cert) into a keystore.