Monday, February 11, 2008

Converting keystores between JKS and P12

Johan dug up these keytool commands, which work with JDK6 and onwards (not with JDK5 and earlier).

JKS → P12
keytool -importkeystore -srckeystore keystore.jks -srcstoretype JKS -deststoretype PKCS12 -destkeystore keystore.p12

P12 → JKS
keytool -importkeystore -srckeystore keystore.p12 -srcstoretype PKCS12 -deststoretype JKS -destkeystore keystore.jks

I recently retested the p12 to jks conversion on Java 7u79, converting a superadmin.p12 keystore from EJBCA to JKS. Still works!
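A way to check a conversion, added here as an example that is not part of the original post: the script below runs the JKS → P12 command from above on a freshly generated keystore and compares alias, entry type and certificate for every entry in both files. The alias "demo", the file names, the DEMO_PASS value and the function names are assumptions made for the example.

```bash
#!/usr/bin/env bash
# Added example (not from the original post): convert JKS -> PKCS12 with the
# post's keytool command, then check both stores hold the same entries.
# Alias "demo", the file names and DEMO_PASS are constructed for this demo.
DEMO_PASS='changeit-demo'  # throwaway; for real keystores drop the *pass
                           # options so keytool prompts for the password

# One sorted line per certificate: alias|entry type|base64 certificate body.
ks_summary() {  # usage: ks_summary FILE STORETYPE
    LC_ALL=C keytool -list -rfc -keystore "$1" -storetype "$2" \
        -storepass "$DEMO_PASS" 2>/dev/null |
    awk '{ sub(/\r$/, "") }
         /^Alias name: /     { alias = substr($0, 13) }
         /^Entry type: /     { type = substr($0, 13) }
         /BEGIN CERTIFICATE/ { pem = ""; incert = 1; next }
         /END CERTIFICATE/   { print alias "|" type "|" pem; incert = 0; next }
         incert              { pem = pem $0 }' | sort
}

jks_to_p12() {  # usage: jks_to_p12 SRC.jks DEST.p12
    keytool -importkeystore -noprompt \
        -srckeystore "$1" -srcstoretype JKS -srcstorepass "$DEMO_PASS" \
        -destkeystore "$2" -deststoretype PKCS12 -deststorepass "$DEMO_PASS" \
        >/dev/null 2>&1
}

# Status 0 only if the source is readable and both summaries are identical.
same_entries() {  # usage: same_entries SRC.jks DEST.p12
    a=$(ks_summary "$1" JKS)
    b=$(ks_summary "$2" PKCS12)
    [ -n "$a" ] && [ "$a" = "$b" ]
}

# Build a one-entry JKS in a temp dir, convert it, compare, clean up.
demo() {
    dir=$(mktemp -d) || return 1
    keytool -genkeypair -alias demo -keyalg RSA -keysize 2048 -validity 1 \
        -dname 'CN=constructed-demo' -keystore "$dir/keystore.jks" \
        -storetype JKS -storepass "$DEMO_PASS" -keypass "$DEMO_PASS" \
        >/dev/null 2>&1 &&
    jks_to_p12 "$dir/keystore.jks" "$dir/keystore.p12" &&
    same_entries "$dir/keystore.jks" "$dir/keystore.p12"
    rc=$?
    rm -rf "$dir"
    return $rc
}

if [ "${1:-}" = "--demo" ]; then demo && echo "entries match"; fi
```

The comparison covers the certificates only; it does not prove that the private key in the new file can be unlocked, so a test load in the application that will use the keystore is still worth doing.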

If you need CA software that can generate JKS, P12 or PEM keystores directly, so you don't have to convert, take a look at EJBCA Community, or its supported big brother EJBCA Enterprise.

6 comments:

  1. THANK YOU for posting this.....I was having all kinds of weird issues and I eventually got my cert converted to P12 and then used your info to get my store created and working.

    Thanks!
    Brian

  2. You are awesome!! Thank you!!

  3. This is great, however what will be the alias of the JKS keystore converted from p12, can it be viewed from keytool -list command, if yes then what will be the password for alias?

    Thanks in advance!

  4. Try it out and you will probably get answers to your questions.

  5. Hi, I'm trying to convert a jks keystore to p12 keystore using the command given by you. I faced the following error:

    Problem importing entry for alias Certificate: java.security.KeyStoreException: TrustedCertEntry not supported.

    Would really appreciate your help.
    Thanks,
    Vish
