Import a SSL certificate into a Java Keystore through a PKCS12 file

Recently, I had to configure SSL for a few tomcat installations. In some cases, I had to import a PKCS12 file into Java Keystore for the tomcat configuration. It is very simple process yet when I googled around I saw varying answers.

In this article, I am going to explain how to import a SSL certificate into the Java Keystore from a PKCS12 (pfx or p12) file.

Here are the steps:

  1. Navigate to JAVA_HOME\bin\via command prompt.
  2. Execute the following command to import PKCS12 File.
keytool -v -importkeystore -srckeystore yourpkcs12file.p12 
-srcstoretype PKCS12 -destkeystore mykeystore -deststoretype JKS

In the above command, replace “yourpkcs12file.p12with the actual file name with complete path. Replace mykeystore with any name of your choice. Note that the keystore will be automatically created and the certificate will be imported into it.

  1. Enter the PKCS12 password/passphrase for both the Source and Destination password.

Note: It is important that the password for both PKCS12 file and Java keystore are same.

KeyStore Explorer

If you want to examine the contents of a keystore or certificate, there is a keystore explorer which provides graphical user interface for examining the contents. The software is available for both Windows and Mac OS.

Checkout the complete features here.

Screen Shot 2017-10-01 at 00.03.26

Discussion