Tuesday, June 16, 2015

Importing pfx or p12 certificates into a Java keystore

While working on an Oracle SOA 12c & B2B project for a client, we were handed a certificate with a .pfx extension to be imported into a PoC WebLogic instance.
My colleague went ahead with the keytool command that he has always used to import certificates, only to hit the error below, and replied to the team that the given certificate was not in a valid format. That was not the case: keytool assumes by default that the certificate and key files it is given are of type "JKS".
Error:
keytool error: java.lang.Exception: Input not an X.509 certificate
To import a certificate with a ".pfx" extension, which is a PKCS#12 (PKCS12) type of certificate, you need to pass the relevant arguments to the keytool command.
By running the command below, we successfully imported the given certificate file:

keytool -v -importkeystore -srckeystore /opt/app/cert/manedit.pfx -srcstoretype PKCS12 -destkeystore DemoTrust.jks -deststoretype JKS
Enter destination keystore password:
Enter source keystore password:
...
Import command completed:..
You can verify the successful import of the certificate by issuing the following command:
keytool -v -list -keystore DemoTrust.jks
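
To avoid the wrong-subcommand mistake described above, the file's leading bytes can be checked before choosing the keytool invocation. This is an added example, not part of the original post: the sample headers, the extra file names and the alias are constructed for illustration, and the X.509 DER check is a heuristic on the first two ASN.1 tags.

```python
import struct

# Magic numbers at the start of Java's own keystore formats.
MAGIC = {0xFEEDFEED: "JKS", 0xCECECECE: "JCEKS"}

def _after_outer_sequence(data):
    """Skip the outer ASN.1 SEQUENCE header; return the bytes inside it, or None."""
    if len(data) < 2 or data[0] != 0x30:
        return None
    if data[1] < 0x80:                 # short-form length: one byte
        return data[2:]
    n = data[1] & 0x7F                 # long form: n length bytes (0 = BER indefinite)
    return data[2 + n:] if n <= 4 and len(data) >= 2 + n else None

def sniff_store_format(data):
    """Classify leading file bytes: JKS, JCEKS, PKCS12, X509-PEM, X509-DER or unknown."""
    if len(data) >= 4 and struct.unpack(">I", data[:4])[0] in MAGIC:
        return MAGIC[struct.unpack(">I", data[:4])[0]]
    if data.lstrip().startswith(b"-----BEGIN CERTIFICATE-----"):
        return "X509-PEM"
    inner = _after_outer_sequence(data)
    if inner is None:
        return "unknown"
    if inner[:3] == b"\x02\x01\x03":   # PFX ::= SEQUENCE { version INTEGER 3, ... }
        return "PKCS12"
    if inner[:1] == b"\x30":           # Certificate ::= SEQUENCE { tbsCertificate SEQUENCE, ... }
        return "X509-DER"
    return "unknown"

def keytool_args(fmt, path, dest="DemoTrust.jks", alias="imported-cert"):
    """Build the keytool argv for a sniffed format (alias is a placeholder)."""
    if fmt in ("PKCS12", "JKS", "JCEKS"):   # whole keystores: convert with -importkeystore
        return ["keytool", "-v", "-importkeystore", "-srckeystore", path,
                "-srcstoretype", fmt, "-destkeystore", dest, "-deststoretype", "JKS"]
    if fmt in ("X509-PEM", "X509-DER"):     # a bare certificate: -importcert
        return ["keytool", "-v", "-importcert", "-file", path,
                "-keystore", dest, "-alias", alias]
    raise ValueError("unrecognised format; inspect the file before importing")

# Constructed sample headers (not taken from any real file).
SAMPLES = {
    "manedit.pfx": bytes.fromhex("3082095a020103308209140609"),
    "old.jks": bytes.fromhex("feedfeed00000002"),
    "server.der": bytes.fromhex("308203a53082028d"),
    "server.pem": b"-----BEGIN CERTIFICATE-----\nMIID...\n",
    "key.pk8": bytes.fromhex("308204be020100300d0609"),
}

if __name__ == "__main__":
    for name, head in SAMPLES.items():
        fmt = sniff_store_format(head)
        print(name, fmt, " ".join(keytool_args(fmt, name)) if fmt != "unknown" else "-")
```
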
More about the types of certificates and cryptography in another post!
