How to Convert a .pfx File to a Java Keystore .jks with Java
We managed to acquire a code signing certificate in .pfx
format from Comodo. There are a couple
solutions in the internet suggesting to download jetty or install OpenSSL to convert the
.pfx
to a Java Keystore .jks
. However, the solution is much simpler and only requires the
keytool included in the Java Development Kit. The whole procedure requires two steps and allows
creation of a custom alias for the Java Keystore.
For Step 1), we need to find the alias stored in the .pfx
file. Copy your key file (e.g. keyfile.pfx
)
into the same folder as the Java keytool. Then run the following command in the console to create
a listing of all the certificates in your keyfile.
keytool -v -list -storetype pkcs12 -keystore keyfile.pfx > keyfile.txt
Look for "Alias name:" in the outputted keyfile.txt
. Your alias name should be called something like
the following: "company name llc's comodo ca limited id". This will be our <PFX ALIAS>
.
For Step 2), we convert the keyfile.pfx
to a Java Keystore. Make sure you enter
the <PFX ALIAS>
exactly as found in Step 1. The <ALIAS in JKS>
can be freely chosen and is
your Java Keystore alias.
keytool
-importkeystore -srckeystore keyfile.pfx -srcstoretype pkcs12 -srcalias "<PFX ALIAS>"
-destkeystore keyfile.jks -deststoretype jks -destalias "<ALIAS in JKS>"
That's all, that's there too it. The keyfile.jks
is your new Java Keystore.