Wednesday, 19 September 2012

Convert your pfx keystore to jks keystore

Many times we need to convert our PKCS12 keystore/digital signature/digital id file to JKS files.

There are various many ways of doing it . Most blogs talk about how OpenSSL would help you do it and other go on about new tools.But its all within java keytool's capabilities.

Its actually as simple as what I quote below.

Goto your <JAVA_HOME>/jre/bin

keytool -importkeystore -srckeystore MyPfx.pfx -srcstoretype pkcs12 -srcstorepass mysrcpassword  -destkeystore exportfrompfx.jks -deststoretype jks -deststorepass mydestpassword

This process will create a new jks file and call it exportfrompfx.jks

All the certificates with their aliases will be exported from MyPfx.pfx to exportfrompfx.jks

Use the following command then to verify your new keystore:

keytool -list -storetype jks -keystore exportfrompfx.jks -v

To selectively add each certificate use its alias.

Get the alias using the above mentioned list command

keytool -list -storetype jks -keystore exportfrompfx.jks -v

Use keytool to import that alias into your JKS keystore

keytool -importkeystore -srckeystore MyPfx.pfx -srcstoretype pkcs12 -srcstorepass mysrcpassword -srcalias alias -destkeystore exportfrompfx.jks -deststoretype jks -deststorepass mydestpassword -destalias destalias


  1. why do i get the following error?
    fileNoFound exportfrompfx.jks if this file has to be created..

  2. This comment has been removed by the author.

  3. Hi ,

    I have followed this article and i have created jks file using p12 certificate. But when am trying to invoke webservice with this jks i got below error

    No Signature message in client

    Can you tell me why this error came and how to invoke webservice with signature