You may have to convert a JKS to a PKCS#12 for several reasons. For example, if you have to copy or transfer your certificate from a Tomcat server (or a platform using JKS file type) to a server using PKCS#12 file type such as Microsoft. The PKCS#12 could also be converted to be installed on platforms using PEM files (Apache for example).
- Keytool application (supplied along with JDK 1.1 and higher)
- A JKS file containing the certificate, the private key and the certification chain
Command to create the PFX/P12 file:
> keytool -importkeystore -srckeystore [MY_KEYSTORE.jks] -destkeystore [MY_FILE.p12] -srcstoretype JKS -deststoretype PKCS12 -deststorepass [PASSWORD_PKCS12] -srcalias [ALIAS_SRC] -destalias [ALIAS_DEST]
You'll need to modify these parameters:
- MY_FILE.p12: path to the PKCS#12 file (.p12 or .pfx extension) that is going to be created.
- MY_KEYSTORE.jks: path to the keystore that you want to convert.
- PASSWORD_PKCS12: password that will be requested at the PKCS#12 file opening.
- ALIAS_SRC: name matching your certificate entry in the JKS keystore, "tomcat" for example.
- ALIAS_DEST: name that will match your certificate entry in the PKCS#12 file, "tomcat" for example
Related Article :