• Post Reply Bookmark Topic Watch Topic
  • New Topic
programming forums Java Mobile Certification Databases Caching Books Engineering Micro Controllers OS Languages Paradigms IDEs Build Tools Frameworks Application Servers Open Source This Site Careers Other Pie Elite all forums
this forum made possible by our volunteer staff, including ...
  • Campbell Ritchie
  • Jeanne Boyarsky
  • Ron McLeod
  • Paul Clapham
  • Liutauras Vilda
  • paul wheaton
  • Rob Spoor
  • Devaka Cooray
Saloon Keepers:
  • Stephan van Hulst
  • Tim Holloway
  • Carey Brown
  • Frits Walraven
  • Tim Moores
  • Mikalai Zaikin

PFX file not getting imported into keystore

Ranch Hand
Posts: 42
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
I am trying to establish a client side authentication using client certificates issued by IIS 5.0
The certificates are in the PFX format(pkcs12). However, when I try to load the certificate into the keystore using the keytool I get a message which says that the import was not a valid X.509 format.
What could be the problem?
I saw some posts on the net which mentioned that the PFX format is not imported by the Java keystore. In this case, is there any mechanism to convert pfx into a format compatible with JDK?
Posts: 80
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
PKCS12 is a format for a keystore and not a certificate. You can list the contents of PKCS12 file using keytool:
keytool -list keystore <pkcs12_file> -storetype PKCS12 -storepass <password>
However, if you want to import the certificate into a JKS or JCEKS keystore, you will have to do some work. First you need to export the certificate from the PKCS12 file and then import the exported certificate into the JKS or JCEKS keystore. Both can be done using keytool.
For the export, you would need the alias of the certificate entry within the PKCS12 file. Unfortunately, PKCS12 keystore doesn't use the default "mykey" alias. Instead, it is "1". I found this out by executing the following program:

Hope, this helps.
    Bookmark Topic Watch Topic
  • New Topic