Convert .cer certificate to .jks

190.2k Views Asked by arikabc At 04 April 2025 at 20:02

I need to convert a .cer file to a .jks file. I saw a few questions about it, but haven't seen a solution to what I need.

I don't need it in order to add it to my local certificates, but as a file to upload to a server. I also need to do it only once, and not programmatically. There's this thread Converting .cer to .jks using java and the author says he had done it successfully, but I couldn't comment to his last reply as I don't have enough reputation, nor could I send him a personal message and ask him.

So if anyone knows of a simple way to do so, I'll be glad to hear.

Original Q&A

There are 5 best solutions below

uraimo On 20 May 2015 at 14:41

Just to be sure that this is really the "conversion" you need, please note that jks files are keystores, a file format used to store more than one certificate and allows you to retrieve them programmatically using the Java security API, it's not a one-to-one conversion between equivalent formats.

So, if you just want to import that certificate in a new ad-hoc keystore you can do it with Keystore Explorer, a graphical tool. You'll be able to modify the keystore and the certificates contained therein like you would have done with the java terminal utilities like keytool (but in a more accessible way).

David Lavender On 20 May 2015 at 14:47

keytool comes with the JDK installation (in the bin folder):

keytool -importcert -file "your.cer" -keystore your.jks -alias "<anything>"

This will create a new keystore and add just your certificate to it.

So, you can't convert a certificate to a keystore: you add a certificate to a keystore.

Promise Preston On 17 July 2023 at 16:39

This worked for me brilliantly

First, create a PKCS12 keystore :

openssl pkcs12 -export -in my-app-certificate.crt -inkey my-app-certificate-private.key -out my-app-keystore.p12 -name my-app

This will require a password

-name is the alias of the private key entry in keystore.

Next, convert the PKCS12 keystore to JKS keytstore using keytool command :

keytool -importkeystore -srckeystore my-app-keystore.p12 -srcstoretype PKCS12 -destkeystore my-app-certificate.jks -deststoretype JKS

To view the JKS file contents:

keytool -v -list -keystore my-app-certificate.jks

Reference: Steps to create a self-signed certificate using OpenSSL

This will request for the password entered when creating the PKCS12 keystore

amiri_mak On 16 February 2017 at 13:22

Export a certificate from a keystore:

keytool -export -alias mydomain -file mydomain.crt -keystore keystore.jks

Mukti On 12 July 2017 at 03:56

Use the following will help

keytool -import -v -trustcacerts \
-alias keyAlias \
-file server.cer \
-keystore cacerts.jks \
-keypass changeit

Convert .cer certificate to .jks

There are 5 best solutions below

Related Questions in JAVA

Related Questions in CERTIFICATE

Related Questions in JKS

Related Questions in CER

Related Questions in JAVA-SECURITY

Trending Questions

Popular # Hahtags

Popular Questions