This week's book giveaway is in the OCAJP forum. We're giving away four copies of OCA Java SE 8 Programmer I Study Guide 1Z0-808 and have Jeanne Boyarsky & Scott Selikoff on-line! See this thread for details.
I am trying to establish a client side authentication using client certificates issued by IIS 5.0 The certificates are in the PFX format(pkcs12). However, when I try to load the certificate into the keystore using the keytool I get a message which says that the import was not a valid X.509 format. What could be the problem? I saw some posts on the net which mentioned that the PFX format is not imported by the Java keystore. In this case, is there any mechanism to convert pfx into a format compatible with JDK? Thanks, Ashutosh
PKCS12 is a format for a keystore and not a certificate. You can list the contents of PKCS12 file using keytool: keytool -list keystore <pkcs12_file> -storetype PKCS12 -storepass <password> However, if you want to import the certificate into a JKS or JCEKS keystore, you will have to do some work. First you need to export the certificate from the PKCS12 file and then import the exported certificate into the JKS or JCEKS keystore. Both can be done using keytool. For the export, you would need the alias of the certificate entry within the PKCS12 file. Unfortunately, PKCS12 keystore doesn't use the default "mykey" alias. Instead, it is "1". I found this out by executing the following program: