How to Convert a .pfx File to a Java Keystore .jks with Java
We managed to acquire a code signing certificate in
.pfx format from Comodo. There are a couple
solutions in the internet suggesting to download jetty or install OpenSSL to convert the
.pfx to a Java Keystore
.jks. However, the solution is much simpler and only requires the
keytool included in the Java Development Kit. The whole procedure requires two steps and allows
creation of a custom alias for the Java Keystore.
For Step 1), we need to find the alias stored in the
.pfx file. Copy your key file (e.g.
into the same folder as the Java keytool. Then run the following command in the console to create
a listing of all the certificates in your keyfile.
keytool -v -list -storetype pkcs12 -keystore keyfile.pfx > keyfile.txt
Look for "Alias name:" in the outputted
keyfile.txt. Your alias name should be called something like
the following: "company name llc's comodo ca limited id". This will be our
For Step 2), we convert the
keyfile.pfx to a Java Keystore. Make sure you enter
<PFX ALIAS> exactly as found in Step 1. The
<ALIAS in JKS> can be freely chosen and is
your Java Keystore alias.
keytool -importkeystore -srckeystore keyfile.pfx -srcstoretype pkcs12 -srcalias "<PFX ALIAS>" -destkeystore keyfile.jks -deststoretype jks -destalias "<ALIAS in JKS>"
That's all, that's there too it. The
keyfile.jks is your new Java Keystore.