TechQA.

getting error while trying to convert pfx without password to jks

7.5k views Asked by At

When I'm trying to convert pfx file, which was generated without password, to jks I get a WARNING WARNING etc... message from keytool, and an error afterwards

When I do the same with an password protected pfx, then everything is fine.

Can anyone suggest what I can do !? maybe a conversion from other formats or using other tools ?

ps. I did also conversion to pem, and pem to jks, but it failed, because it was not an x509 cert.

EDIT

keytool.exe -importkeystore -srckeystore "C:\Users\rodislav.moldovan\Projects
\ceva.pfx" -srcstoretype pkcs12 -destkeystore "C:\Users\rodislav.mol
dovan\Projects\ceva.jks" -deststoretype JKS
Enter destination keystore password: ******
Re-enter new password: ******
Enter source keystore password: // pressed enter, because there is no pass

*****************  WARNING WARNING WARNING  *****************
* The integrity of the information stored in the srckeystore*
* has NOT been verified!  In order to verify its integrity, *
* you must provide the srckeystore password.                *
*****************  WARNING WARNING WARNING  *****************

keytool error: java.security.UnrecoverableKeyException: Get Key failed: null
x509 keytool pem pfx jks
Original Q&A
3

There are 3 answers

0
Shivan A. On BEST ANSWER

You can do it by making a p12 keystore first with OpenSSL and then convert it into JKS format with Keytool.

OpenSSL for CER & PVK file > P12

openssl pkcs12 -export -name servercert -in selfsignedcert.crt -inkey serverprivatekey.key -out myp12keystore.p12

Keytool for p12 > JKS

keytool -importkeystore -destkeystore mykeystore.jks -srckeystore myp12keystore.p12 -srcstoretype pkcs12 -alias servercert

1
primetomas On

Try to convert it to a p12 with a password before.

openssl pkcs12 -in in.pfx -out out.p12

0
Ian On

If you just have a full PFX file that isn't password protected; for instance you downloaded the cert from Azure Key Vault like so:

az keyvault secret download -f mycert.pfx --encoding base64 --vault-name <vault name> --name <certificate name>

Then you can jump through a few hoops to add password protection (got this from here: http://www.1st-setup.nl/wordpress/howto-change-password-on-pfx-certificate-using-openssl/):

openssl pkcs12 -in mycert.pfx -out temppem.pem -nodes
openssl pkcs12 -export -out protectedcert.pfx -in temppem.pem
rm certs/mycert.pfx
rm certs/temppem.pem

Obviously you need to specify a password in the second openssl command to pw-protect the new PFX.

Related Questions in X509

Related Questions in KEYTOOL

Related Questions in PEM

Related Questions in PFX

Related Questions in JKS

Popular Questions

Popular Tags

javascript python java c# php android html jquery c++ css ios sql mysql r reactjs node.js arrays c asp.net json python-3.x ruby-on-rails .net sql-server swift django angular objective-c pandas excel

Trending Questions