JOIN OUR AFFILIATE NETWORK

Join our affiliate network and become a local SSL expert

♦ learn more about our program ♦
Menu
picture of tbs certificates
picture of tbs certificates
Certificates
ALL CERTIFICATES
SSL Extended Validation SSL Standard SSL RGS SSL eIDAS SSL ECC SSL wildcard SSL Multiple sites / SAN Quick and Dirty SSL
Specific certificates
E-signature Strong authentication
Test certificates PKI Trust Seals
Our products range
TBS X509 Symantec Thawte Comodo GlobalSign GeoTrust Certigna
Partners
Client login Customer accounts Open an account
Support
FAQ SHA256: Browsers' compatibility ECC: Browsers' compatibility The Lab
Focus
Elliptic Curve Cryptography
TBS INTERNET launches a whole range of ECC SSL certificates. Multi-domains, wildcard, EV, standards... More details
Other activities


Create a JKS (Java, Tomcat, ...) from a PKCS12 or a PFX (Windows)

You may have to convert a PKCS#12 to a JKS for several reasons. For example, if you have to copy or transfer your certificate from an Apache or Microsoft platform to a Tomcat one or to any platform using JKS file type (Java KeyStore).

Prerequisites:

If you do have Keytool application and your PKCS#12 file, launch the one-line command:
keytool -importkeystore -srckeystore [MY_FILE.p12] -srcstoretype pkcs12
 -srcalias [ALIAS_SRC] -destkeystore [MY_KEYSTORE.jks]
 -deststoretype jks -deststorepass [PASSWORD_JKS] -destalias [ALIAS_DEST]

You'll need to modify these parameters:
  • MY_FILE.p12 : indicate the path to the PKCS#12 file (.p12 or .pfx extension) to be converted.

  • MY_KEYSTORE.jks: path to the keystore in which you want to store your certificate. If it does not exist it will be created automatically.

  • PASSWORD_JKS: password that will be requested at the keystore opening.

  • ALIAS_SRC: name matching your certificate entry in the PKCS#12 file, "tomcat" for example.
    N.B.: In case you would export your certificate from a Windows server generating a .PFX file, you'll have to retrieve the "alias" name created by Windows. To do so, you can execute the following command: 
    keytool -v -list -storetype pkcs12 -keystore FILE_PFX
    There, the "alias name" field indicates the storage name of your certificate you need to use in the command line.

  • ALIAS_DEST: name that will match your certificate entry in the JKS keystore, "tomcat" for example.

 

Other cases:

Useful links

External links