I need some help converting my .P12 certificate file into a JKS keystore. I've followed the standard commands using Java's keytool utility. However, when I try and use the resulting JKS file to access the WS endpoint via SOAPUI, I get a 403.7 error - Forbidden: SSL certificate is required. Using the P12 file with SOAPUI against the same endpoint produces a successful response. Here is the standard command for importing a P12 keystore into a JKS keystore -
keytool -importkeystore -srckeystore src.p12 -srcstoretype PKCS12 -deststoretype JKS -destkeystore target.jks
I also tried using openssl to convert the P12 -> PEM -> DER -> JKS:
openssl pkcs12 -in src.p12 -out src.pem -clcerts
(Edit src.pem into its two composite parts called src.key and src.cer)
openssl pkcs8 -topk8 -nocrypt -in src.key -out key.der -inform PEM -outform DER
openssl x509 -in src.cer -inform PEM -out cert.der -outform DER
(I ran a utility to combine the two keys into keystore.ImportKey )
keytool -importkeystore -srckeystore keystore.ImportKey -destkeystore target.JKS
and similarly no dice.
Is there something I'm missing?
I am surprised that no one has answered this question for so long. Anyway, the easiest method to convert p12 to jks is by using Keytool. Following is the command you might need to use:
I believe the issues you are facing are probably because you didn't provide Keypass. Please note that it's a good practice to keep the keypass and storepass the same, since at times the server is unable to distinguish between keypass and storepass.
But he asked how to convert .p12 to JKS, so the answer is:
Just had to use this line, works for me.
If you have the Keytool application and your PKCS#12 file, launch the one-line command:
You'll need to modify these parameters:
MY_FILE.p12: indicate the path to the PKCS#12 file (.p12 or .pfx extension) to be converted.
MY_KEYSTORE.jks: path to the keystore in which you want to store your certificate. If it does not exist it will be created automatically.
PASSWORD_JKS: password that will be requested at the keystore opening.
ALIAS_SRC: name matching your certificate entry in the PKCS#12 file, "tomcat" for example.
In case you would export your certificate from a Windows server generating a .PFX file, you'll have to retrieve the "alias" name created by Windows. To do so, you can execute the following command:
There, the "alias name" field indicates the storage name of your certificate you need to use in the command line.
ALIAS_DEST: name that will match your certificate entry in the JKS keystore, "tomcat" for example.
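A check to run after any of the conversions above, added here as an example and not taken from any of the posts: a keystore presented for TLS client authentication must hold the alias as a PrivateKeyEntry, and a trustedCertEntry (certificate only) cannot answer a client-certificate request. The function names and sample listings are constructed, and the parser assumes the English, non-verbose `keytool -list` output format.

```shell
#!/bin/sh
# Added example: classify entries in non-verbose `keytool -list` output.
# Real use (paths, alias and password variable are placeholders):
#   keytool -list -keystore target.jks -storepass "$STOREPASS" | has_private_key tomcat

# Reads a listing on stdin, prints "alias<TAB>type" for each entry line.
list_entries() {
    awk '
        /(PrivateKeyEntry|trustedCertEntry|SecretKeyEntry),[ \t]*$/ {
            alias = $0; sub(/,.*/, "", alias)       # text before the first comma
            type = $0;  sub(/,[ \t]*$/, "", type)   # drop the trailing comma
            sub(/.*,[ \t]*/, "", type)              # keep only the last field
            printf "%s\t%s\n", alias, type
        }'
}

# Succeeds only if ALIAS is present and is a PrivateKeyEntry.
# The comparison is exact, so pass the alias as keytool prints it.
has_private_key() {   # usage: has_private_key ALIAS < listing
    list_entries | awk -F '\t' -v a="$1" \
        '$1 == a && $2 == "PrivateKeyEntry" { found = 1 } END { exit !found }'
}

# Constructed sample: key and certificate imported together.
sample_good() {
cat <<'EOF'
Keystore type: JKS
Keystore provider: SUN

Your keystore contains 1 entry

tomcat, Jan 1, 2020, PrivateKeyEntry,
Certificate fingerprint (SHA-256): 00:11:22:33
EOF
}

# Constructed sample: only the certificate made it into the keystore.
sample_cert_only() {
cat <<'EOF'
Keystore type: JKS
Keystore provider: SUN

Your keystore contains 1 entry

tomcat, Jan 1, 2020, trustedCertEntry,
Certificate fingerprint (SHA-256): 00:11:22:33
EOF
}

sample_good | has_private_key tomcat && echo "tomcat: private key present"
sample_cert_only | has_private_key tomcat || echo "tomcat: certificate only, no private key"
```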