I have a Java keystore (.jks file) holding a single certificate. How can I create a .pfx file from this keystore?
+1
A:
This guy() seems to have written a little Java class and batch file with good instructions to do this here: http://www.crionics.com/products/opensource/faq/signFree.htm#DownloadTools
If you want to do it yourself the key lines in the .bat file seem to be uses
keytool -export -rfc -keystore %KEYSTORE% -storepass %PASSWORD% -alias %ALIAS% > %CERT_64%
java -classpath %JAVACLASSPATH% ExportPrvKey %KEYSTORE% %PASSWORD% %ALIAS% > %PKEY_8%
openssl enc -in %PKEY_8% -a >> %PKEY_64%
openssl pkcs12 -inkey %PKEY_64% -in %CERT_64% -out %CERT_P12% -export
where ExportPrvKey does the step of extracting the private key from the keystore.
Nick Fortescue
2009-02-09 12:07:57
Thanks for the answer. I also came across the site you linked via Google and tried it out. However, the last step fails for me. openssl terminates with the message:unable to load private keyAny additional hints would be highly appreciated!
Christian Berg
2009-02-09 12:18:29
Have a look at the private key file (%PKEY_64%). Does it actually exist? Googling it seems the most common errors are having it in the wrong directory or a bad format. Which version of openssl do you have?
Nick Fortescue
2009-02-09 12:35:35
The PKEY_64 file exists and looks ok (it contains 858 "random" ascii characters). I'm using openssl 0.9.7d on a linux box.
Christian Berg
2009-02-09 13:10:00