Knowledgebase: SSL
JKS (Java KeyStore) to PFX/P12


You may have to convert a JKS to a PKCS#12 for several reasons. For example, if you have to copy or transfer your certificate from a Tomcat server (or a platform using JKS file type) to a server using PKCS#12 file type such as Microsoft. The PKCS#12 could also be converted to be installed on platforms using PEM files (Apache for example).



  • Keytool application (supplied along with JDK 1.1 and higher)
  • A JKS file containing the certificate, the private key and the certification chain

Command to create the PFX/P12 file:

> keytool -importkeystore -srckeystore [MY_KEYSTORE.jks] -destkeystore [MY_FILE.p12]  -srcstoretype JKS -deststoretype PKCS12 -deststorepass [PASSWORD_PKCS12]  -srcalias [ALIAS_SRC] -destalias [ALIAS_DEST]


You'll need to modify these parameters:

  1. MY_FILE.p12: path to the PKCS#12 file (.p12 or .pfx extension) that is going to be created.
  2. MY_KEYSTORE.jks: path to the keystore that you want to convert.
  3. PASSWORD_PKCS12: password that will be requested at the PKCS#12 file opening.
  4. ALIAS_SRC: name matching your certificate entry in the JKS keystore, "tomcat" for example.
  5. ALIAS_DEST: name that will match your certificate entry in the PKCS#12 file, "tomcat" for example


Related Article :


(1631 vote(s))
Not helpful
Comments (0)