How to Convert a .pfx File to a Java Keystore .jks with Java

posted on: Wednesday, 22nd of August 2012

We managed to acquire a code signing certificate in .pfx format from Comodo. There are a couple solutions in the internet suggesting to download jetty or install OpenSSL to convert the .pfx to a Java Keystore .jks. However, the solution is much simpler and only requires the keytool included in the Java Development Kit. The whole procedure requires two steps and allows creation of a custom alias for the Java Keystore.

For Step 1), we need to find the alias stored in the .pfx file. Copy your key file (e.g. keyfile.pfx) into the same folder as the Java keytool. Then run the following command in the console to create a listing of all the certificates in your keyfile.

keytool -v -list -storetype pkcs12 -keystore keyfile.pfx > keyfile.txt

Look for "Alias name:" in the outputted keyfile.txt. Your alias name should be called something like the following: "company name llc's comodo ca limited id". This will be our <PFX ALIAS>.

For Step 2), we convert the keyfile.pfx to a Java Keystore. Make sure you enter the <PFX ALIAS> exactly as found in Step 1. The <ALIAS in JKS> can be freely chosen and is your Java Keystore alias.

keytool
  -importkeystore -srckeystore keyfile.pfx -srcstoretype pkcs12 -srcalias "<PFX ALIAS>"
  -destkeystore keyfile.jks -deststoretype jks -destalias "<ALIAS in JKS>"

That's all, that's there too it. The keyfile.jks is your new Java Keystore.