
PFX file not getting imported into keystore

 
Ashutosh Shinde
Ranch Hand
Posts: 42
I am trying to establish client-side authentication using client certificates issued by IIS 5.0.
The certificates are in the PFX format (pkcs12). However, when I try to load the certificate into the keystore using keytool, I get a message which says that the import was not a valid X.509 format.
What could be the problem?
I saw some posts on the net which mentioned that the PFX format is not imported by the Java keystore. In this case, is there any mechanism to convert pfx into a format compatible with JDK?
Thanks,
Ashutosh
 
Pankaj Kr
Author
Ranch Hand
Posts: 80
PKCS12 is a format for a keystore and not a certificate. You can list the contents of a PKCS12 file using keytool:
keytool -list -keystore <pkcs12_file> -storetype PKCS12 -storepass <password>
However, if you want to import the certificate into a JKS or JCEKS keystore, you will have to do some work. First you need to export the certificate from the PKCS12 file and then import the exported certificate into the JKS or JCEKS keystore. Both can be done using keytool.
For the export, you would need the alias of the certificate entry within the PKCS12 file. Unfortunately, a PKCS12 keystore doesn't use the default "mykey" alias. Instead, it is "1". I found this out by executing the following program:

Hope this helps.
 