This procedure uses the Java keytool utility to create a Java keystore from a PKCS#12 file.
Before you begin
You need a PKCS#12 (*.p12 or *.pfx) file containing your CA-signed Reflection Gateway server certificate and private key.
You need to know the password that protects this file.
To import a PKCS#12 file into a Java keystore
Use the -importkeystore option to create a Java keystore (newkeystore.jks in this example). For example:
keytool -importkeystore -v -srckeystore cert_file.p12 -srcstoretype PKCS12 -providername BCFIPS -providerclass org.bouncycastle.jcajce.provider.BouncyCastleFipsProvider -providerpath ../bc-fips-1.0.1.jar -destkeystore newkeystore.bcfks -deststoretype BCFKS.
NOTE:The keystore type you specify for deststoretype must match the type specified for servletengine.ssl.keystoretype in the server's container.properties file. BCFKS is specified by default, and is recommended because it uses a stronger encryption for protecting the private key.
Enter passwords when prompted using the same password for destination keystore and source keystore.
NOTE:If these passwords don't match, the server will not be able to use the Java keystore and the browser will not be able to launch the application.