picture of tbs certificates
picture of tbs certificates
Our products range

Build a JKS (Java, Tomcat, ...) from a PKCS12 or PFX (Windows)

You may have to convert a PKCS#12 to a JKS for several reasons. For example, if you have to copy or transfer your certificate from an Apache or Microsoft platform to a Tomcat one or to any platform using JKS file type (Java KeyStore).


If you have the Keytool application and your pkcs12 file, you just have to run this command (attention: in one line) :
keytool -importkeystore -srckeystore [MON_FICHIER.p12] -srcstoretype pkcs12 -srcalias [ALIAS_SRC]
-destkeystore [MON_KEYSTORE.jks] -deststoretype jks -deststorepass [PASSWORD_JKS] -destalias [ALIAS_DEST]

You'll need to modify these parameters:
  • MY_FILE.p12 : indicate the path to the PKCS#12 file (.p12 or .pfx extension) to be converted.

  • MY_KEYSTORE.jks: path to the keystore in which you want to store your certificate. If it does not exist it will be created automatically.

  • PASSWORD_JKS: password that will be requested at the keystore opening.

  • ALIAS_SRC: name matching your certificate entry in the PKCS#12 file, "tomcat" for example.
    N.B.: In the case of an export of your certificate from a windows server generating a .PFX file, you will have to find the "alias" name created by Windows. To do this, you can run the following command beforehand:
    keytool -v -list -storetype pkcs12 -keystore FILE_PFX
    There, the "alias name" field indicates the storage name of your certificate you need to use in the command line.

  • ALIAS_DEST: name that will match your certificate entry in the JKS keystore, "tomcat" for example.

Other cases:

Useful links