1

I'm exporting a certificate from the Windows CA certificate store using a method nearly identical to the answer here: Get chain of certificates for a file with PowerShell? and here Automate export x509 certificate w/chain from Server 2008 R2 to a p7b file WITHOUT external tools? Except I am getting it from the CA system store.

This works, and things like openssl and certutil can read my certificate. However, I need Java to read my certificate, and both the Java 8 keystore class and the keytool command line tool ( keytool -list -v -keystore v.p12 -storetype pkcs12 -storepass pass ) say that my certificate has 0 entries, whereas openssl and certutil show there are entries.

How can I either export my certificate in a Java readable format, or easily convert it to a Java readable format while keeping it in pkcs12? The machine I actually want to export on doesn't have openssl, so please keep that in mind. An example file (password is 'pass') is here: https://mega.nz/#!Cj5GGIBR!O5shbaPuHNKEJhRrivR0TY3hRd3ZRYQzvRQFJa_ri3s

oawqxz1234
  • 11
  • 2

1 Answers1

-1

Import the PKCS12 data into a JKS keystore:

keytool -importkeystore -srckeystore v.p12 -srcstoretype PKCS12 -destkeystore v.jks
Ansgar Wiechers
  • 193,178
  • 25
  • 254
  • 328
  • `Import command completed: 0 entries successfully imported, 0 entries failed or cancelled.` Java tools seem unable to work with the keystore, but it does recognize bad passwords and the like – oawqxz1234 Aug 10 '18 at 13:03