how to: convert pfx to jks

how to: convert pfx to jks

A Java KeyStore (JKS) is a repository of security certificates, either authorization certificates or public key certificates, plus corresponding private keys, used for instance in SSL encryption. Some times the SSL certificate is issued for IIS server which originally contains the CSR of the certificate. SSL certificate process is completed in IIS Server. The certificate and private key can be exported as PFX. It can be used on other servers like tomcat, apache, nginx, etc.. To accomplish this, you need to convert pfx to jks.

There are multiple methods available and each server follow the suitable method. The PFX can be directly imported to keystore which already exists by using the under given command.

keytool -importkeystore -srckeystore “D:\windowstechupdates\Test.pfx” -srcstoretype pkcs12 -destkeystore KEYSTORE.jks -deststoretype jks -deststorepass password

This will import a PFX in already existing .JKS store file.

What if you need to make some changes in the keystore, like removal of expired SSL certificate and addition of RootCA certificate and some other changes? There can be another need to create a complete new java keystore.

A very handy and simple tool to do all the tasks is keystore-explorer. The KeyStore Explorer is an open source GUI replacement for the Java command-line utilities keytool and jarsigner. A KeyStore Explorer presents their functionality, and more, via an intuitive graphical user interface. The KeyStore Explorer can be used to create and navigate KeyStores via its intuitive graphical interface. The contents of KeyStores can be created and modified, imported and exported using just a few simple dialogs.

This tool is really good and very easy to follow the on screen instructions. You only need to download this tool and install it on your windows computer. Follow the under given link to download this tool.

https://keystore-explorer.org/

In case to create a new java keysore, create and import the certificate in it. You can also use the old keystore and import the pfx file in it.