Here are the instructions on how to import an SSL certificate into the Java Keystore from a PKCS12 (pfx or p12) file.
- Create a new keystore
  - Navigate to C:\Program Files\Java\jdk_xxxx\bin\ via command prompt
  - Execute: keytool -genkey -alias mycertificate -keyalg RSA -keysize 2048 -keystore mykeystore
  - Keystore password: use the same password/passphrase as the PKCS12 file
  - Answer the prompts as follows:
    What is your first and last name? (should be the DNS name you're going to use) [Unknown]: server.mydomain.com
    What is the name of your organizational unit? [Unknown]: MyCompanysITDepartment
    What is the name of your organization? [Unknown]: MyCompany
    What is the name of your City or Locality? [Unknown]: CITY
    What is the name of your State or Province? [Unknown]: STATE
    What is the two-letter country code for this unit? [Unknown]: US
    Is CN=...................................... correct? [no]: yes
    Enter key password for <mycertificate>
    (RETURN if same as keystore password): Hit Return/Enter
- Empty the keystore
  - Execute via command prompt: keytool -delete -alias mycertificate -keystore mykeystore
  - Ensure nothing is in the keystore by executing: keytool -v -list -keystore mykeystore
- Import the PKCS12 File
  - Execute via command prompt: keytool -v -importkeystore -srckeystore whateverthefileis.p12 -srcstoretype PKCS12 -destkeystore mykeystore -deststoretype JKS
  - Enter the PKCS12 password/passphrase for both the Source and Destination password.
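
As an added example (not part of the original post): the import step run without prompts, followed by a check that the keystore really holds a private-key entry under the alias your server expects, since keytool -importkeystore keeps the alias stored in the PKCS12 file rather than mycertificate. The P12_PASS environment variable and the aliases in the sample listing are assumptions made for illustration.

```shell
#!/bin/sh
# Added example, not the post's own commands. Assumptions: P12_PASS is an
# environment variable holding the PKCS12 passphrase; "server" and "rootca"
# are constructed aliases.

# Import step from the post, without prompts. The :env modifier makes keytool
# read the password from the environment instead of the command line.
import_p12() {  # usage: import_p12 file.p12 mykeystore
  keytool -importkeystore -noprompt \
    -srckeystore "$1" -srcstoretype PKCS12 -srcstorepass:env P12_PASS \
    -destkeystore "$2" -deststoretype JKS -deststorepass:env P12_PASS
}

# Read `keytool -v -list` output on stdin and print the alias of every entry
# that carries a private key (trustedCertEntry entries are skipped).
private_key_aliases() {
  awk '/^Alias name: /                { alias = substr($0, 13) }
       /^Entry type: PrivateKeyEntry/ { print alias }'
}

# Succeeds only if the keystore holds a private key under the expected alias.
# -J-Duser.language=en keeps the field labels in English for the parser.
verify_import() {  # usage: verify_import mykeystore alias
  keytool -J-Duser.language=en -v -list -keystore "$1" \
    -storepass:env P12_PASS | private_key_aliases | grep -Fxq -- "$2"
}

# Constructed sample of verbose listing output (trimmed to the parsed fields).
sample_listing() {
  cat <<'EOF'
Alias name: server
Creation date: Jan 5, 2015
Entry type: PrivateKeyEntry
Certificate chain length: 2

Alias name: rootca
Creation date: Jan 5, 2015
Entry type: trustedCertEntry
EOF
}

# Runs only when invoked as: P12_PASS=... sh script.sh run file.p12 mykeystore alias
if [ "${1:-}" = "run" ]; then
  import_p12 "$2" "$3" && verify_import "$3" "$4" && echo "OK: private key under '$4'"
fi
```

A listing that shows only trustedCertEntry for your certificate means the private key did not come across, and a TLS server cannot use that entry.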
Sir,
Very Nice Tutorial. Hats Off Sir. Really Superb Stuff.
Thanks,
Karupiah
Yes I agree, really superb.
thanks a lot !!
What is the point of step 2? Only to create an empty keystore (after step 3)? Or is there something left in the empty keystore that is required to make the import in step 4 succeed? Or in other words, would step 4 fail if you had an empty keystore already and didn't do step 2?
If you already have an empty keystore, you can skip step 2.
Thanks!!! Really helpful.