A certificate file that ends in “.pfx” or “.p12” is a PKCS12 certificate file that’s commonly used for digital signing and SSL3 in Microsoft environments. Java is none-to-fond of these file types, and there aren’t a lot of easy ways to import them into Java keystores.
I had to try a variety of methods to change the .pfx file into something that Java was happy consuming, but encountered a variety of flaws in all of those methods.
The one method that did work was this:
- Open up Internet Explorer (blech)
- Go to the Internet Options window (from the “tools” button)
- On the “Content” tab, select the Certificates button.
- Import your .pfx file
- Export the newly-imported certificate as a .cer file (either DER or base-64)
- Import the resulting .cer file into a Java keystore using this command:
keytool -import -alias joe -keystore my.keystore -file my_recently_exported.cer