Converting PFX to Java KeyStore (JKS) and use with Application Servers

Personal Information Exchange Format (PFX) is an Encrypted security file. It stores secure certificates used to authenticate a device like computer or web servers, pfx files enables transfer of certificates and their private keys from one computer to another or to removable media. The Microsoft Windows CryptoAPI uses the PFX format, also known as PKCS #12.

What is Java KeyStore file?

JKS also similar to PFX file, It is a repository to store the certificates and private keys. But the JKS files are very specific to Java and its applications.
Application servers like Tomcat, Oracle WebLogic, IBM WebSphere uses JKS file as a KeyStore.


Converting between formats using KeyTool:

keytool -importkeystore -srckeystore yourpfxfile.pfx -srcstoretype pkcs12 -destkeystore yourjkskeystore.jks -deststoretype JKS
keytool -importkeystore -srckeystore yourjksfile.jks -srcstoretype JKS -deststoretype PKCS12 -destkeystore yourpfxkeystore.pfx

You will be asked to enter the password for source keystore file(pfx) it should be the same as one you used while exporting the certificate and create a new password for destination file(jks). In this example we use 123456, use the same for Destination Keystore Password for the simplicity

Tomcat SSL Setup with JKS KeyStore:

To copy:

<Connector port="443" protocol="HTTP/1.1" SSLEnabled="true"
maxThreads="150" scheme="https" secure="true"
keystoreFile="C:\Apache Tomcat 9\yourjkskeystore.jks" keystorePass="123456"
clientAuth="false" acceptCount="100"/>

Enjoy your coding!

Senior Java Developer