12

I'm trying to convert x.PFX file to x.JKS file using keytool but I am getting following error:

keytool error: java.lang.Exception: Alias <2> does not exist

Actions that preceded this error are:

Listing x.PFX file content (just to read alias name): 

keytool -v -list -storetype pkcs12 -keystore x.pfx

Enter keystore password: x

Keystore type: PKCS12   
Keystore provider: SunJSSE

Your keystore contains 1 entry

Alias name: 2
Creation date: 11-nov-2012

Entry type: PrivateKeyEntry
Certificate chain length: 3
Certificate[1]:
Owner: CN=x, OU=x, C=x
Issuer: CN=x, O=x, C=x
Serial number: x
Valid from: Wed Oct 24 11:46:10 CEST 2012 until: Fri Dec 13 09:28:40 CET 2013
Certificate fingerprints:

etc.

Converting x.PFX file into x.JKS file using "2" as source alias name

keytool -importkeystore -srckeystore x.pfx -srcstoretype pkcs12 -srcalias 2 -destkeystore x.jks -deststoretype jks -destalias xyz
Enter destination keystore password: y
Re-enter new password: y
Enter source keystore password: x
keytool error: java.lang.Exception: Alias <2> does not exist

I am not sure what I am doing wrong? PFX file contain only one entry with just one alias (2). I also tried using these srcalias values: 2, "2", " 2". Is there any other way to convert PFX into JKS using keytool without knowing source alias name?

tshepang
  • 12,111
  • 21
  • 91
  • 136
mrle
  • 311
  • 1
  • 5
  • 13

5 Answers5

10

I had the exact same problem. I've solved using '1' instead of 2. Don't know why but it worked.

Richard Heller
  • 126
  • 1
  • 3
8

if set alias in pkcs12:

openssl pkcs12 -export -in certificate.pem -inkey private_key.pem -out keystore.p12 -name "myalias"

aftet alias setted successfully:

keytool -importkeystore -srckeystore keystore.p12 -srcstoretype pkcs12 -destkeystore keystore.jks -deststoretype JKS -alias myalias
zoirs
  • 591
  • 5
  • 6
  • This was the answer that helped me, as the name was not set in my pkcs12; once set in the pkcs12, the JKS was able to be created using my desired alias name. – kian Jan 08 '19 at 16:55
3

your command should looks a bit more like this

keytool -importkeystore -srckeystore x.pfx -srcstoretype pkcs12 -***alias*** 2 -destkeystore x.jks -deststoretype jks -destalias xyz
Kyeotic
  • 19,697
  • 10
  • 71
  • 128
daniel
  • 31
  • 2
2

Maybe "2" can't be found, because there are whitespaces included (e.g. "2 ")

If you don't wanna change the alias just remove the options -srcalias and -destalias and it will be imported with the original alias.

Andy
  • 1,964
  • 1
  • 15
  • 29
0

You can use keytool to list the aliases within your *.pfx file, just use the following command:

keytool -list -keystore yourPrivateCertificate.pfx

This will give you something like this:

Enter keystore password:
Keystore type: jks
Keystore provider: SUN

Your keystore contains 1 entry

253db30c3ad14553aebb0e5a0a5255d0_e5345748-fe48-42ac-81e7-b48cfb4610dd, Nov 25, 2019, PrivateKeyEntry,
Certificate fingerprint (SHA1): 
A9:3B:80:3C:D9:63:0E:FF:91:72:AC:11:4B:45:99:14:9E:AD:EC:FB

So in the case above, the following is the alias:

253db30c3ad14553aebb0e5a0a5255d0_e5345748-fe48-42ac-81e7-b48cfb4610dd

This value needs to be used for the source alias

Thomas Sparber
  • 2,827
  • 2
  • 18
  • 34