certificate -- keystore issue

We have installed I am trying to configure the certs for https ssl handshake. for that I have created keystore files by using keytool.
2. csr_wm82.csr
Now i tried to import the Certificate into a Java Keystore. by using the command
keytool -import -file wm82.pem -keystore wm82.jks -alias mykey -trustcacerts
it was added to keystore. but the issue is when i run the below command i got error
command: java org.mortbay.jetty.security.PKCS12Import certificate_wm82.pfx wm82.jks
error: Exception in thread “main” java.io.IOException: Invalid keystore format
at sun.security.provider.JavaKeyStore.engineLoad(JavaKeyStore.java:633)
at sun.security.provider.JavaKeyStore$JKS.engineLoad(JavaKeyStore.java:38)
at java.security.KeyStore.load(KeyStore.java:1185)
at org.mortbay.jetty.security.PKCS12Import.main(PKCS12Import.java:97)

Please help me out in this.

Thanks in Advance,
Noor Shaik

Have you tried using these UI tool?


use the keytool java command line it lives under the jvm bin. There is also a gui tool called portecle but command line is simple. You can make jks and/or pcks12 both supported in IS 8.x. With pcks12 it will also be easier to import x509 certs into Windows Servers.
+1 on the comments to include the .jks file in the path.


If you want to replace keytool with a GUI tool then you can also use CERTivity.

CERTivity aims at making it easier to manage digital security-related assets from any source.

In addition to tools mentioned by rmg, KeyStore Explorer (which was basis for portecle a few years back) is a good tool. It can handle old-format IS keys.

I erased my post sorry. I’ve read to quickly the previous posts.

no worries! :smiley:

Do you have openssl available to you? If so this can be done fairly simply with something like this:

openssl pkcs12 -export -in wmprd_company_com.cer -out wmprd.company.com.keystore.p12 -name “wmprd_company_com” -certfile chain.cer -inkey privkey.pem

where chain.cer is: cat entrust_l1c.cer entrust_ca.cer > chain.cer

Hi Noor,

As our experts already mentioned above, keytool command line does not support .pem format. So you can use openssl for this.