Create a JKS (Java, Tomcat, ...) from a PKCS12 or a PFX (Windows)
You may have to convert a PKCS#12 to a JKS for several reasons. For example, if you have to copy or transfer your certificate from an Apache or Microsoft platform to a Tomcat one or to any platform using JKS file type (Java KeyStore).Prerequisites:
- Keytool application ( come with JRE ): Download JAVA
- A PKCS#12 file (.p12 or .pfx extension) containing the certificate, the private key and the certification chain. If you do not have a PKCS#12 certificate, follow those instructions explaining how to create one:
- Under IIS: Save your IIS5 or IIS6 or IIS7 certificate and its private key
- Under Apache (or any platform using PEM file type): Create a PKCS12 from openssl files
If you do have Keytool application and your PKCS#12 file, launch the one-line command:
keytool -importkeystore -srckeystore [MON_FICHIER.p12] -srcstoretype pkcs12 -srcalias [ALIAS_SRC]
-destkeystore [MON_KEYSTORE.jks] -deststoretype jks -deststorepass [PASSWORD_JKS] -destalias [ALIAS_DEST]
You'll need to modify these parameters:
- MY_FILE.p12 : indicate the path to the PKCS#12 file (.p12 or .pfx extension) to be converted.
- MY_KEYSTORE.jks: path to the keystore in which you want to store your certificate. If it does not exist it will be created automatically.
- PASSWORD_JKS: password that will be requested at the keystore opening.
- ALIAS_SRC: name matching your certificate entry in the PKCS#12 file, "tomcat" for example.
N.B.: In case you would export your certificate from a Windows server generating a .PFX file, you'll have to retrieve the "alias" name created by Windows. To do so, you can execute the following command:
keytool -v -list -storetype pkcs12 -keystore FILE_PFX
There, the "alias name" field indicates the storage name of your certificate you need to use in the command line. - ALIAS_DEST: name that will match your certificate entry in the JKS keystore, "tomcat" for example.
Other cases:
- Generate a CSR for Tomcat
- Generate a CSR for Tomcat - Vmware
- Install a Tomcat certificate
- Create a PKCS12 from a JKS
Useful links
- Create a PKCS12 (PFX / P12 / WINDOWS) from a JKS / JAVA keystore
- Install a TOMCAT / JAVA server certificate
- Obtain a server certificate
- Install a Oracle Java code signing certificate
- Obtain a code signing certificate
- Keytool: Keytool documentation
Last edited on 07/24/2020 09:11:15 --- [search]