JOIN OUR AFFILIATE NETWORK

Join our affiliate network and become a local SSL expert

♦ learn more about our program ♦
Menu
picture of tbs certificates
picture of tbs certificates
Certificates
ALL CERTIFICATES
SSL Extended Validation SSL Standard RGS certificates eIDAS certificates SSL ECC SSL wildcard SSL Multiple sites / SAN Quick and Dirty SSL
Specific certificates
E-signature Strong authentication
Test certificates Trust Seals
SigniFlow: the platform to sign and request signature for your documents
Signature software
Our products range
TBS X509 DigiCert Thawte Sectigo GlobalSign GeoTrust Certigna ChamberSign SigniFlow
Partners
Client login Customer accounts Open an account
Support
FAQ SHA256: Browsers' compatibility ECC: Browsers' compatibility
Focus
Invoices dematerialization
We now provide solutions compliant with RGS** and eIDAS qualified standards for invoices signature and timestamping. Further information


Create a JKS (Java, Tomcat, ...) from a PKCS12 or a PFX (Windows)

You may have to convert a PKCS#12 to a JKS for several reasons. For example, if you have to copy or transfer your certificate from an Apache or Microsoft platform to a Tomcat one or to any platform using JKS file type (Java KeyStore).

Prerequisites:

If you do have Keytool application and your PKCS#12 file, launch the one-line command:
keytool -importkeystore -srckeystore [MON_FICHIER.p12] -srcstoretype pkcs12 -srcalias [ALIAS_SRC]
 -destkeystore [MON_KEYSTORE.jks] -deststoretype jks -deststorepass [PASSWORD_JKS] -destalias [ALIAS_DEST]

You'll need to modify these parameters:
  • MY_FILE.p12 : indicate the path to the PKCS#12 file (.p12 or .pfx extension) to be converted.

  • MY_KEYSTORE.jks: path to the keystore in which you want to store your certificate. If it does not exist it will be created automatically.

  • PASSWORD_JKS: password that will be requested at the keystore opening.

  • ALIAS_SRC: name matching your certificate entry in the PKCS#12 file, "tomcat" for example.
    N.B.: In case you would export your certificate from a Windows server generating a .PFX file, you'll have to retrieve the "alias" name created by Windows. To do so, you can execute the following command: 
    keytool -v -list -storetype pkcs12 -keystore FILE_PFX
    There, the "alias name" field indicates the storage name of your certificate you need to use in the command line.

  • ALIAS_DEST: name that will match your certificate entry in the JKS keystore, "tomcat" for example.

 

Other cases:

Useful links