picture of tbs certificates
picture of tbs certificates
Our products range

Create a PKCS12 (.pfx / .p12) from a JKS / JAVA keystore

You may have to convert a JKS to a PKCS#12 for several reasons. For example, if you have to copy or transfer your certificate from a Tomcat platform (or a platform using JKS file type) to a platform using PKCS#12 file type such as Microsoft. The PKCS#12 could also be converted to be installed on platforms using PEM files (Apache for example).

  • Keytool application (supplied along with JDK 1.1 and higher)
  • A JKS file containing the certificate, the private key and the certification chain

If you do have Keytool application and your JKS file, launch the one-line command:
keytool -importkeystore -srckeystore [MY_KEYSTORE.jks] -destkeystore [MY_FILE.p12]
-srcstoretype JKS -deststoretype PKCS12 -deststorepass [PASSWORD_PKCS12]
-srcalias [ALIAS_SRC] -destalias [ALIAS_DEST]

You'll need to modify these parameters:
  • MY_FILE.p12: path to the PKCS#12 file (.p12 or .pfx extension) that is going to be created.
  • MY_KEYSTORE.jks: path to the keystore that you want to convert.
  • PASSWORD_PKCS12: password that will be requested at the PKCS#12 file opening.
  • ALIAS_SRC: name matching your certificate entry in the JKS keystore, "tomcat" for example.
  • ALIAS_DEST: name that will match your certificate entry in the PKCS#12 file, "tomcat" for example.

Useful links