This post talks about how to convert pfx file to jks file
There are many ways to convert pfx to jks ,
Here we are going to see two ways out of it .
1) Using Java Keytool
2)Using Jetty
For Using Java Keytool ,
We need either JRE or JDK to be Installed . You can find Keytool folder inside it.
what is Keytool ?
Keytool is a tool used by Java systems to configure and manipulate Keystores.
Generating:
For Using Jetty , We need to first download the Jetty Jar.
what is Jetty ?
Eclipse Jetty provides a Web server and javax.servlet container, plus support for HTTP/2, WebSocket, OSGi, JMX, JNDI, JAAS and many other integrations. These components are open source and available for commercial use and distribution.
Where do download Jetty ?
https://jar-download.com/artifacts/org.mortbay.jetty/jetty/6.1.25/source-code
Keep the .pfx file and jetty 6.1.25 in one folder
Open command prompt and go until that folder
java -classpath jetty-6.1.25.jar org.mortbay.jetty.security.PKCS12Import <name of pfx file>.pfx <name of jks file>.jks
Once the command is executed enter the password of .pfx file in both input keystore and output keystore
Once it is done.. you can find the .jks file in the same folder that you have the pfx file.
Sample CMD Prompt Code:
C:\Users\WeLearnPega>java -classpath jetty-6.1.25.jar org.mortbay.jetty.security.PKCS12Import UAT.pfx UAT.jks
Enter input keystore passphrase: WeLearnPega
Enter output keystore passphrase: WeLearnPega
Alias 0: le-govnetuser-7729cbd5-0409-41be-b242-f78795bbe307
Adding key for alias le-govnetuser-7730cbd5-0419-42be-b342-f78795bbe307
There are many ways to convert pfx to jks ,
Here we are going to see two ways out of it .
1) Using Java Keytool
2)Using Jetty
For Using Java Keytool ,
We need either JRE or JDK to be Installed . You can find Keytool folder inside it.
what is Keytool ?
Keytool is a tool used by Java systems to configure and manipulate Keystores.
Generating:
- Generate a new Java keystore and new key pair:
- keytool -genkey -alias mydomain -keyalg RSA -keystore keystore.jks -keysize 2048
- Generate a certificate signing request (CSR) for an existing Java keystore:
- keytool -certreq -alias mydomain -keystore keystore.jks -file mydomain.csr
- Generate a keystore and self-signed certificate:
- keytool -genkey -keyalg RSA -alias selfsigned -keystore keystore.jks -storepass password -validity 360 -keysize 2048
Importing:
- Import a intermediate CA certificate to an existing Java keystore:
- keytool -import -trustcacerts -alias intermediate -file intermediate.crt -keystore keystore.jks
- Import a root CA certificate to an existing Java keystore:
- keytool -import -trustcacerts -alias root -file root.crt -keystore keystore.jks
- keytool -import -trustcacerts -alias root -file root.crt -keystore keystore.jks
- Import a signed SSL primary certificate to an existing Java keystore:
- keytool -import -trustcacerts -alias mydomain -file mydomain.crt -keystore keystore.jks
Java Keytool Commands for Conversion:
If you need to change the type of keystore.
- PFX keystore to JKS keystore:
keytool -importkeystore -srckeystore mypfxfile.pfx -srcstoretype pkcs12 -destkeystore newjkskeystore.jks -deststoretype JKS
- JKS keystore to PFX keystore:
- keytool -importkeystore -srckeystore myjksfile.jks -srcstoretype JKS -deststoretype PKCS12 -destkeystore newpfxkeystore.pfx
Java Keytool Commands for Checking:
If you need to check the information within a certificate, or Java keystore, use these commands.
- Check a stand-alone certificate:
- keytool -printcert -v -file mydomain.crt
- Check which certificates are in a Java keystore:
- keytool -list -v -keystore keystore.jks
- Check a particular keystore entry using an alias:
- keytool -list -v -keystore keystore.jks -alias mydomain
- Delete a certificate from a Java Keytool keystore:
- keytool -delete -alias mydomain -keystore keystore.jks
- Change a Java keystore password:
- keytool -storepasswd -new newstorepass -keystore keystore.jks
- Export a certificate from a keystore:
- keytool -export -alias mydomain -file mydomain.crt -keystore keystore.jks
- List Trusted CA Certs:
- keytool -list -v -keystore $JAVA_HOME/jre/lib/security/cacerts
- Import New CA into Trusted Certs:
- keytool -import -trustcacerts -file /path/to/ca/ca.pem -alias mydomain -keystore $JAVA_HOME/jre/lib/security/cacerts
For Using Jetty , We need to first download the Jetty Jar.
what is Jetty ?
Eclipse Jetty provides a Web server and javax.servlet container, plus support for HTTP/2, WebSocket, OSGi, JMX, JNDI, JAAS and many other integrations. These components are open source and available for commercial use and distribution.
Where do download Jetty ?
https://jar-download.com/artifacts/org.mortbay.jetty/jetty/6.1.25/source-code
Keep the .pfx file and jetty 6.1.25 in one folder
Open command prompt and go until that folder
java -classpath jetty-6.1.25.jar org.mortbay.jetty.security.PKCS12Import <name of pfx file>.pfx <name of jks file>.jks
Once the command is executed enter the password of .pfx file in both input keystore and output keystore
Once it is done.. you can find the .jks file in the same folder that you have the pfx file.
Sample CMD Prompt Code:
C:\Users\WeLearnPega>java -classpath jetty-6.1.25.jar org.mortbay.jetty.security.PKCS12Import UAT.pfx UAT.jks
Enter input keystore passphrase: WeLearnPega
Enter output keystore passphrase: WeLearnPega
Alias 0: le-govnetuser-7729cbd5-0409-41be-b242-f78795bbe307
Adding key for alias le-govnetuser-7730cbd5-0419-42be-b342-f78795bbe307
Post a Comment