Build a JKS (Java, Tomcat, ...) from a PKCS12 or PFX (Windows)
You may have to convert a PKCS#12 to a JKS for several reasons. For example, if you have to copy or transfer your certificate from an Apache or Microsoft platform to a Tomcat one or to any platform using JKS file type (Java KeyStore).Prerequisites:
- Keytool application ( come with JRE ): Download JAVA
- Have a PKCS#12 file (extension .p12 or .pfx) containing the certificate, the private key and the certification chain. If you don't have your certificate in PKCS#12 format here is how to create one:
- With IIS 7.X : Save your certificate in IIS 7.X
- With IIS 8.X and + : Save your certificate in IIS 8.X and higher
- Under Apache (or any platform using PEM file type): Create a PKCS12 from openssl files
If you have the Keytool application and your pkcs12 file, you just have to run this command (attention: in one line) :
keytool -importkeystore -srckeystore [MON_FICHIER.p12] -srcstoretype pkcs12 -srcalias [ALIAS_SRC] -destkeystore [MON_KEYSTORE.jks] -deststoretype jks -deststorepass [PASSWORD_JKS] -destalias [ALIAS_DEST]
You'll need to modify these parameters:
- MY_FILE.p12 : indicate the path to the PKCS#12 file (.p12 or .pfx extension) to be converted.
- MY_KEYSTORE.jks: path to the keystore in which you want to store your certificate. If it does not exist it will be created automatically.
- PASSWORD_JKS: password that will be requested at the keystore opening.
- ALIAS_SRC: name matching your certificate entry in the PKCS#12 file, "tomcat" for example.
N.B.: In the case of an export of your certificate from a windows server generating a .PFX file, you will have to find the "alias" name created by Windows. To do this, you can run the following command beforehand:
keytool -v -list -storetype pkcs12 -keystore FILE_PFX
There, the "alias name" field indicates the storage name of your certificate you need to use in the command line. - ALIAS_DEST: name that will match your certificate entry in the JKS keystore, "tomcat" for example.
Other cases:
- Generate a CSR for Tomcat
- Generate a CSR for Tomcat - Vmware
- Install a Tomcat certificate
- Create a PKCS12 from a JKS
Useful links
- Create a PKCS12 (PFX / P12 / WINDOWS) from a JKS / JAVA keystore
- Install a TOMCAT / JAVA server certificate
- Obtain a server certificate
- Install a Oracle Java code signing certificate
- Obtain a code signing certificate
- Keytool: Keytool documentation
Last edited on 06/23/2021 15:17:22 --- [search]