65

How can I convert a .jks file to p12? JKS is a Java keystore file, so how can I convert it to the p12 format?

Celada
Matrix
  • 17
    You should accept some answers to your previous questions. – Emil May 17 '10 at 07:12
  • @Matrix do you really find none of the answers below acceptable? With your rep and badges, you should accept or comment as to why none of these are acceptable. – JoeG Feb 14 '17 at 17:52

5 Answers

104

Convert a JKS file to PKCS12 format (Java 1.6.x and above)

```
keytool \
  -importkeystore \
  -srckeystore KEYSTORE.jks \
  -destkeystore KEYSTORE.p12 \
  -srcstoretype JKS \
  -deststoretype PKCS12 \
  -srcstorepass mysecret \
  -deststorepass mysecret \
  -srcalias myalias \
  -destalias myalias \
  -srckeypass mykeypass \
  -destkeypass mykeypass \
  -noprompt
```

from A few frequently used SSL commands

Codebling
Daniel Silveira
  • That's a useful link. Thanks. – dajames Nov 20 '10 at 14:06
  • Does this conversion only need to be done for Java 1.6.x and above? I ask because I am on Java 1.7.x and faced a problem where WSKeystore class could not read the cacerts (default keystore file) until I converted it to cacerts.p12. – Prince Dec 11 '13 at 20:12
  • 4
    Note that supplying the passwords directly in the command is not a secure practice in general (as noted in the keytool manpage) as the passwords could then be read from your command history or observed with `ps`. If you omit a password, the tool should prompt you for it. – Aaron Novstrup May 06 '14 at 19:37
  • You've saved my day [Daniel Silveira](/users/1100/daniel-silveira). Thanks for the help. – Anurag Mar 25 '15 at 11:19
  • "Warning: Different store and key passwords not supported for PKCS12 KeyStores. Ignoring user-specified -destkeypass value.", https://bugs.openjdk.java.net/browse/JDK-8008292 - so if you want that, you need to use something else – eis Aug 12 '17 at 09:25
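
An added example (not part of the original answer or its comments) that applies the two comments above: passwords are handed to keytool through its `:env` modifier so they never appear in the argument list, and `-destkeypass` is left out because PKCS12 ignores it. The file names, the alias, the three environment variable names and the `KEYTOOL` override are assumptions of this example.

```shell
#!/bin/sh
# Added example: file names, alias and variable names are placeholders.

# Read a secret without echoing it and export it under the given name so the
# keytool child process can look it up.
read_secret() {
  printf '%s: ' "$2" >&2
  stty -echo; IFS= read -r _secret; stty echo; echo >&2
  export "$1=$_secret"; unset _secret
}

# Convert one alias from a JKS store to a new PKCS12 store. KEYTOOL may be
# overridden (assumption of this example) to inspect the argument vector.
jks_to_p12() {
  for _v in SRC_STOREPASS SRC_KEYPASS DEST_STOREPASS; do
    eval "[ -n \"\${$_v:-}\" ]" || { echo "$_v is not set" >&2; return 2; }
  done
  (
    umask 077   # the new .p12 holds a private key: owner-only permissions
    # ":env" makes keytool read each password from the named environment
    # variable, so argv (and `ps`) shows only variable names.
    # -destkeypass is omitted: PKCS12 uses the store password for the key.
    "${KEYTOOL:-keytool}" -importkeystore \
      -srckeystore "$1" -srcstoretype JKS \
      -destkeystore "$2" -deststoretype PKCS12 \
      -srcalias "$3" -destalias "$3" \
      -srcstorepass:env SRC_STOREPASS \
      -srckeypass:env SRC_KEYPASS \
      -deststorepass:env DEST_STOREPASS \
      -noprompt
  )
}

# Interactive wrapper: prompt, convert, then drop the secrets from this shell.
convert_interactive() {
  read_secret SRC_STOREPASS "Source keystore password"
  read_secret SRC_KEYPASS "Source key password"
  read_secret DEST_STOREPASS "New PKCS12 password"
  jks_to_p12 "$1" "$2" "$3"; _rc=$?
  unset SRC_STOREPASS SRC_KEYPASS DEST_STOREPASS
  return "$_rc"
}

# Usage: convert_interactive KEYSTORE.jks KEYSTORE.p12 myalias
```

Setting `KEYTOOL=echo` before calling `jks_to_p12` prints the argument vector instead of running keytool, which is a quick way to confirm that no secret value is in it.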
53

JKS → P12:

```
keytool -importkeystore -srckeystore keystore.jks -srcstoretype JKS -deststoretype PKCS12 -destkeystore keystore.p12
```

P12 → JKS:

```
keytool -importkeystore -srckeystore keystore.p12 -srcstoretype PKCS12 -deststoretype JKS -destkeystore keystore.jks
```
Abimaran Kugathasan
bob
4

Here is a one-line command for the same.

```
keytool -importkeystore -srckeystore <MY_KEYSTORE.jks> -destkeystore <MY_FILE.p12> -srcstoretype JKS -deststoretype PKCS12 -deststorepass <PASSWORD_PKCS12> -srcalias <ALIAS_SRC> -destalias <ALIAS_DEST>
```

Explaining the parameters:

MY_FILE.p12: path to the PKCS#12 file (.p12 or .pfx extension) that is going to be created.
MY_KEYSTORE.jks: path to the keystore that you want to convert.
PASSWORD_PKCS12: password that will be requested at the PKCS#12 file opening.
ALIAS_SRC: name matching your certificate entry in the JKS keystore, "tomcat" for example.
ALIAS_DEST: name that will match your certificate entry in the PKCS#12 file, "tomcat" for example.
Ashish K
2

This is for future folks: I found the above answers outdated, and on Mac I used this command to convert JKS to PKCS12:

```
keytool -importkeystore -srckeystore srckeystore.jks -destkeystore destkeystore.jks -deststoretype pkcs12
```
Kanishk Gupta
1

You can use https://keystore-explorer.org/. Open your jks and save as p12, or open p12 and save as jks.

noobius