JOIN OUR AFFILIATE NETWORK

Join our affiliate network and become a local SSL expert

♦ learn more about our program ♦
Menu
picture of tbs certificates
picture of tbs certificates
Certificates
ALL CERTIFICATES
SSL Extended Validation SSL Standard RGS certificates eIDAS certificates SSL ECC SSL wildcard SSL Multiple sites / SAN Quick and Dirty SSL
Specific certificates
E-signature Strong authentication
Test certificates PKI Solutions Trust Seals
SigniFlow: the platform to sign and request signature for your documents
Signature software
Our products range
TBS X509 DigiCert Thawte Sectigo GlobalSign GeoTrust Certigna ChamberSign SigniFlow
Partners
Client login Customer accounts Open an account
Support
FAQ SHA256: Browsers' compatibility ECC: Browsers' compatibility
Focus
Invoices dematerialization
We now provide solutions compliant with RGS** and eIDAS qualified standards for invoices signature and time stamping. Further information


Build a JKS (Java, Tomcat, ...) from a PKCS12 or PFX (Windows)

You may have to convert a PKCS#12 to a JKS for several reasons. For example, if you have to copy or transfer your certificate from an Apache or Microsoft platform to a Tomcat one or to any platform using JKS file type (Java KeyStore).

Prerequisites:

If you have the Keytool application and your pkcs12 file, you just have to run this command (attention: in one line) :
keytool -importkeystore -srckeystore [MON_FICHIER.p12] -srcstoretype pkcs12 -srcalias [ALIAS_SRC]
-destkeystore [MON_KEYSTORE.jks] -deststoretype jks -deststorepass [PASSWORD_JKS] -destalias [ALIAS_DEST]

You'll need to modify these parameters:
  • MY_FILE.p12 : indicate the path to the PKCS#12 file (.p12 or .pfx extension) to be converted.

  • MY_KEYSTORE.jks: path to the keystore in which you want to store your certificate. If it does not exist it will be created automatically.

  • PASSWORD_JKS: password that will be requested at the keystore opening.

  • ALIAS_SRC: name matching your certificate entry in the PKCS#12 file, "tomcat" for example.
    N.B.: In the case of an export of your certificate from a windows server generating a .PFX file, you will have to find the "alias" name created by Windows. To do this, you can run the following command beforehand: 
    keytool -v -list -storetype pkcs12 -keystore FILE_PFX
    There, the "alias name" field indicates the storage name of your certificate you need to use in the command line.

  • ALIAS_DEST: name that will match your certificate entry in the JKS keystore, "tomcat" for example.

Other cases:

Useful links