Converting a Windows PFX or Windows PKCS12 keystore to a .JKS Keystore
Posted: 6/12/12 at 9:30 AM by nkoval
While working with a windows admin, we stumbled on this gem of a piece of code that will allow you to convert a Windows PFX or PKCS12 file into a .jks keystore that can be used with Tomcat.
- KeyTool \- installed as part of the Java SDK
- A PKCS12 file in .pfx or .p12 exported from IIS or Apache
- The name of the alias for the tomcat key \- hint: IIS puts it in GUID format
Obtain the name of the alias for the tomcat key in the certificate file using the following command:
keytool -v -list -storetype pkcs12 -keystore FILE_PFX
Next plug in the source file, alias name, new .jks file name keystore password and new alias into this command:
keytool -importkeystore -srckeystore [MY_FILE.p12] -srcstoretype pkcs12 -srcalias [ALIAS_SRC] -destkeystore [MY_KEYSTORE.jks] -deststoretype jks -deststorepass [PASSWORD_JKS] -destalias [ALIAS_DEST]
NOTE: Casper is coded to look for the destalias "tomcat" in the server.xml file. If you decide to name your destination alias anything different than tomcat, you will need to modify Tomcat's server.xml file and bounce Tomcat.
This link is to the original post that helped me: http://www.tbs-certificats.com/FAQ/en/626.html. I've posted the applicable contents here so that it can be found more easily for others.