JOIN OUR AFFILIATE NETWORK

Join our affiliate network and become a local SSL expert

♦ learn more about our program ♦
Menu
picture of tbs certificates
picture of tbs certificates
Certificates
ALL CERTIFICATES
SSL Extended Validation SSL Standard RGS certificates eIDAS certificates SSL ECC SSL wildcard SSL Multiple sites / SAN Quick and Dirty SSL
Specific certificates
E-signature Strong authentication
Test certificates Trust Seals
SigniFlow: the platform to sign and request signature for your documents
Our products range
TBS X509 DigiCert Thawte Sectigo / Comodo CA GlobalSign GeoTrust Certigna ChamberSign SigniFlow
Partners
Client login Customer accounts Open an account
Support
FAQ SHA256: Browsers' compatibility ECC: Browsers' compatibility
Focus
Invoices dematerialization
We now provide solutions compliant with RGS** and eIDAS qualified standards for invoices signature and timestamping. Further information


Create a JKS (Java, Tomcat, ...) from a PKCS12 or a PFX (Windows)

You may have to convert a PKCS#12 to a JKS for several reasons. For example, if you have to copy or transfer your certificate from an Apache or Microsoft platform to a Tomcat one or to any platform using JKS file type (Java KeyStore).

Prerequisites:

If you do have Keytool application and your PKCS#12 file, launch the one-line command:
keytool -importkeystore -srckeystore [MON_FICHIER.p12] -srcstoretype pkcs12 -srcalias [ALIAS_SRC]
 -destkeystore [MON_KEYSTORE.jks] -deststoretype jks -deststorepass [PASSWORD_JKS] -destalias [ALIAS_DEST]

You'll need to modify these parameters:
  • MY_FILE.p12 : indicate the path to the PKCS#12 file (.p12 or .pfx extension) to be converted.

  • MY_KEYSTORE.jks: path to the keystore in which you want to store your certificate. If it does not exist it will be created automatically.

  • PASSWORD_JKS: password that will be requested at the keystore opening.

  • ALIAS_SRC: name matching your certificate entry in the PKCS#12 file, "tomcat" for example.
    N.B.: In case you would export your certificate from a Windows server generating a .PFX file, you'll have to retrieve the "alias" name created by Windows. To do so, you can execute the following command: 
    keytool -v -list -storetype pkcs12 -keystore FILE_PFX
    There, the "alias name" field indicates the storage name of your certificate you need to use in the command line.

  • ALIAS_DEST: name that will match your certificate entry in the JKS keystore, "tomcat" for example.

 

Other cases:

Useful links