Convert .cer certificate to .jks

Question

I need to convert a .cer file to a .jks file. I saw a few questions about it, but haven't seen a solution to what I need.

I don't need it in order to add it to my local certificates, but as a file to upload to a server. I also need to do it only once, and not programmatically. There's this thread Converting .cer to .jks using java and the author says he had done it successfully, but I couldn't comment to his last reply as I don't have enough reputation, nor could I send him a personal message and ask him.

So if anyone knows of a simple way to do so, I'll be glad to hear.

David Lavender · Answer 1 · 2016-01-08T14:13:39.923

94

keytool comes with the JDK installation (in the bin folder):

keytool -importcert -file "your.cer" -keystore your.jks -alias "<anything>"

This will create a new keystore and add just your certificate to it.

So, you can't convert a certificate to a keystore: you add a certificate to a keystore.

edited Jan 08 '16 at 14:13

answered May 20 '15 at 14:47

David Lavender

8,021
3
35
55

Hi, somewhere I can find the keystore created? On the certmgr? – vivi-ramji Mar 22 '21 at 21:27
4

@viviramji the keystore will be created as a file, in the folder where you run this command – David Lavender Mar 24 '21 at 14:41

uraimo · Answer 2 · 2015-06-01T08:27:57.133

Just to be sure that this is really the "conversion" you need, please note that jks files are keystores, a file format used to store more than one certificate and allows you to retrieve them programmatically using the Java security API, it's not a one-to-one conversion between equivalent formats.

So, if you just want to import that certificate in a new ad-hoc keystore you can do it with Keystore Explorer, a graphical tool. You'll be able to modify the keystore and the certificates contained therein like you would have done with the java terminal utilities like keytool (but in a more accessible way).

score 4 · Answer 3 · edited Aug 03 '22 at 20:31

4

Use the following will help

keytool -import -v -trustcacerts \
-alias keyAlias \
-file server.cer \
-keystore cacerts.jks \
-keypass changeit

edited Aug 03 '22 at 20:31

mati kepa

2,543
19
24

answered Jul 12 '17 at 03:56

Mukti

291
2
5
13

score 3 · Answer 4 · edited Feb 16 '17 at 14:14

3

Export a certificate from a keystore:

keytool -export -alias mydomain -file mydomain.crt -keystore keystore.jks

edited Feb 16 '17 at 14:14

user1438038

5,821
6
60
94

answered Feb 16 '17 at 13:22

amiri_mak

55
1
2

3

I think this does the reverse of what is being asked. – zmerr Aug 20 '21 at 10:39

Promise Preston · Answer 5 · 2023-07-17T17:03:57.280

This worked for me brilliantly

First, create a PKCS12 keystore :

openssl pkcs12 -export -in my-app-certificate.crt -inkey my-app-certificate-private.key -out my-app-keystore.p12 -name my-app

This will require a password

-name is the alias of the private key entry in keystore.

Next, convert the PKCS12 keystore to JKS keytstore using keytool command :

keytool -importkeystore -srckeystore my-app-keystore.p12 -srcstoretype PKCS12 -destkeystore my-app-certificate.jks -deststoretype JKS

To view the JKS file contents:

keytool -v -list -keystore my-app-certificate.jks

Reference: Steps to create a self-signed certificate using OpenSSL

This will request for the password entered when creating the PKCS12 keystore

Convert .cer certificate to .jks

5 Answers5

Linked