
PFX file not getting imported into keystore

Ashutosh Shinde
Ranch Hand

Joined: Jun 07, 2001
Posts: 42
I am trying to establish client-side authentication using client certificates issued by IIS 5.0.
The certificates are in the PFX format (pkcs12). However, when I try to load the certificate into the keystore using the keytool, I get a message which says that the import was not a valid X.509 format.
What could be the problem?
I saw some posts on the net which mentioned that the PFX format is not imported by the Java keystore. In this case, is there any mechanism to convert pfx into a format compatible with JDK?
Pankaj Kr
Ranch Hand

Joined: Sep 09, 2003
Posts: 80
PKCS12 is a format for a keystore and not a certificate. You can list the contents of PKCS12 file using keytool:
keytool -list -keystore <pkcs12_file> -storetype PKCS12 -storepass <password>
However, if you want to import the certificate into a JKS or JCEKS keystore, you will have to do some work. First you need to export the certificate from the PKCS12 file and then import the exported certificate into the JKS or JCEKS keystore. Both can be done using keytool.
For the export, you would need the alias of the certificate entry within the PKCS12 file. Unfortunately, PKCS12 keystore doesn't use the default "mykey" alias. Instead, it is "1". I found this out by executing the following program:

Hope this helps.

Pankaj Kumar
Home - WebLog - J2EE Security