This project is read-only.

.jks certificate files

Jun 19, 2012 at 2:05 PM

Since the CERT manager at FEMA has decided to only supply us with .jks files I'm having some serious issues converting them.  Maybe I'm just missing something with keytool.  

Does anyone have an updated command list to go from jks to the .p12 that we have come to know and love?

Jun 20, 2012 at 2:22 PM

Here is what appears to be the solution.  We just need to add a couple of steps to the existing process to generate the PFX from the 

(Replace the XXXXXX with the cogid from the cert, and keypassword with the key password,not the key store password). 

Once completed the cert will use the key password, and no longer have the keystore password in it.  The first step of setting the passwords the same seems to be part of the puzzle.  It doesn’t seem to work correctly without it.


 Set the keystore and key password to the same value:

keytool -storepasswd -new keypassword -keystore IPAWSOPEN_XXXXXX.jks


Export to pfx:

keytool -importkeystore -srckeystore IPAWSOPEN_XXXXXX.jks -destkeystore IPAWSOPEN_XXXXXX.pfx -srcstoretype JKS -deststoretype PKCS12 -srcstorepasskeypassword -deststorepass keypassword -srcalias IPAWSOPEN_XXXXXX -destalias IPAWSOPEN_XXXXXX