Many times we need to convert our PKCS12 keystore/digital signature/digital id file to JKS files.
There are various many ways of doing it . Most blogs talk about how OpenSSL would help you do it and other go on about new tools.But its all within java keytool's capabilities.
Its actually as simple as what I quote below.
Goto your <JAVA_HOME>/jre/bin
This process will create a new jks file and call it exportfrompfx.jks
All the certificates with their aliases will be exported from MyPfx.pfx to exportfrompfx.jks
Use the following command then to verify your new keystore:
To selectively add each certificate use its alias.
Get the alias using the above mentioned list command
Use keytool to import that alias into your JKS keystore
There are various many ways of doing it . Most blogs talk about how OpenSSL would help you do it and other go on about new tools.But its all within java keytool's capabilities.
Its actually as simple as what I quote below.
Goto your <JAVA_HOME>/jre/bin
keytool -importkeystore -srckeystore MyPfx.pfx -srcstoretype pkcs12 -srcstorepass mysrcpassword -destkeystore exportfrompfx.jks -deststoretype jks -deststorepass mydestpassword
This process will create a new jks file and call it exportfrompfx.jks
All the certificates with their aliases will be exported from MyPfx.pfx to exportfrompfx.jks
Use the following command then to verify your new keystore:
keytool -list -storetype jks -keystore exportfrompfx.jks -v
To selectively add each certificate use its alias.
Get the alias using the above mentioned list command
keytool -list -storetype jks -keystore exportfrompfx.jks -v
Use keytool to import that alias into your JKS keystore
keytool -importkeystore -srckeystore MyPfx.pfx -srcstoretype pkcs12 -srcstorepass mysrcpassword -srcalias alias -destkeystore exportfrompfx.jks -deststoretype jks -deststorepass mydestpassword -destalias destalias
