Converting PFX to Java KeyStore (JKS) for Use with Application Servers
Personal Information Exchange (PFX) is an encrypted file format. It stores the certificates used to authenticate a device such as a computer or web server. PFX files allow certificates and their private keys to be transferred from one computer to another or to removable media. The Microsoft Windows CryptoAPI uses the PFX format, also known as PKCS #12.
What is a Java KeyStore file?
A JKS file is similar to a PFX file: it is a repository that stores certificates and private keys. JKS files, however, are specific to Java and its applications.
Application servers such as Tomcat, Oracle WebLogic and IBM WebSphere use a JKS file as a KeyStore.
Prerequisites:
- Java JDK or JRE installed, with the Java path added to the Path system variable
- Tomcat (optional), in case you want to install the JKS keystore in it
Converting between formats using KeyTool:
- PFX to JKS keystore:
keytool -importkeystore -srckeystore yourpfxfile.pfx -srcstoretype pkcs12 -destkeystore yourjkskeystore.jks -deststoretype JKS
- JKS to PFX keystore:
keytool -importkeystore -srckeystore yourjksfile.jks -srcstoretype JKS -deststoretype PKCS12 -destkeystore yourpfxkeystore.pfx
You will be asked to enter the password for the source keystore file (pfx); it is the same password you used when exporting the certificate. You will then be asked to create a new password for the destination file (jks). In this example we use 123456 and, for simplicity, use the same value as the destination keystore password.
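The PFX to JKS conversion above can also be run without typing passwords at the prompt, and the result checked before it is handed to a server. The following bash script is an added example, not part of the original article: it passes the passwords to keytool through environment variables (the names SRC_PASS and DEST_PASS and the function names are assumptions) and confirms that the JKS holds a private key entry and the same certificate fingerprints as the PFX.

```shell
#!/usr/bin/env bash
# Added example (not from the original article). File names follow the article;
# the SRC_PASS / DEST_PASS variable names and the function names are assumptions.

# Convert without typing passwords or putting them in argv: the :env modifier
# makes keytool read each password from the named environment variable.
convert_pfx_to_jks() {   # usage: convert_pfx_to_jks yourpfxfile.pfx yourjkskeystore.jks
  keytool -importkeystore -noprompt \
    -srckeystore "$1" -srcstoretype pkcs12 -srcstorepass:env SRC_PASS \
    -destkeystore "$2" -deststoretype JKS -deststorepass:env DEST_PASS
}

# Print the sorted certificate fingerprints found in `keytool -list` output (stdin).
fingerprints() {
  sed -n 's/^Certificate fingerprint ([^)]*): *//p' | sort
}

# Succeed only if the listing (stdin) holds at least one private key entry; a
# keystore with only trustedCertEntry items cannot serve HTTPS in Tomcat.
has_private_key() {
  grep -q 'PrivateKeyEntry'
}

# Compare two `keytool -list` outputs: same, non-empty set of fingerprints?
same_certificates() {
  local a b
  a=$(printf '%s\n' "$1" | fingerprints)
  b=$(printf '%s\n' "$2" | fingerprints)
  [ -n "$a" ] && [ "$a" = "$b" ]
}

# Run the whole procedure when called as: script.sh yourpfxfile.pfx yourjkskeystore.jks
if [ "$#" -eq 2 ]; then
  : "${SRC_PASS:?export SRC_PASS first}" "${DEST_PASS:?export DEST_PASS first}"
  convert_pfx_to_jks "$1" "$2" || exit 1
  src=$(keytool -list -keystore "$1" -storetype pkcs12 -storepass:env SRC_PASS)
  dst=$(keytool -list -keystore "$2" -storetype JKS -storepass:env DEST_PASS)
  printf '%s\n' "$dst" | has_private_key || { echo "no private key in $2" >&2; exit 1; }
  same_certificates "$src" "$dst" || { echo "fingerprint mismatch" >&2; exit 1; }
  echo "OK: $2 matches $1"
fi
```

Export SRC_PASS and DEST_PASS in the current shell session before running the script with the PFX and JKS file names as its two arguments.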
Tomcat SSL Setup with JKS KeyStore:
- Copy the JKS file to your desired location; in this example we store it in C:\Apache Tomcat 9\yourjkskeystore.jks
- Open the Tomcat settings.xml file and find where SSL/HTTPS can be enabled. Normally a Connector entry with port 443 or 8443 is already present in the file; otherwise, create a new entry like the one shown below and add keystoreFile and keystorePass
- keystorePass is the password you created for the JKS keystore
<Connector port="443" protocol="HTTP/1.1" SSLEnabled="true"
maxThreads="150" scheme="https" secure="true"
keystoreFile="C:\Apache Tomcat 9\yourjkskeystore.jks" keystorePass="123456" />
- Save the settings.xml file and restart Tomcat to access the web page over https.
Enjoy your coding!