Import a PKCS#12 File into a Java Keystore

This procedure uses the Java keytool utility to create a Java keystore from a PKCS#12 file.

Before you begin

  • You need a PKCS#12 (*.p12 or *.pfx) file containing your CA-signed Reflection Gateway server certificate and private key.

  • You need to know the password that protects this file.

To import a PKCS#12 file into a Java keystore

  1. Use the -importkeystore option to create a Java keystore (newkeystore.bcfks in this example). For example:

    keytool -importkeystore -v -srckeystore cert_file.p12 -srcstoretype PKCS12 -providername BCFIPS -providerclass org.bouncycastle.jcajce.provider.BouncyCastleFipsProvider -providerpath ../bc-fips-1.0.1.jar -destkeystore newkeystore.bcfks -deststoretype BCFKS

    NOTE: The keystore type you specify for -deststoretype must match the type specified for servletengine.ssl.keystoretype in the server's container.properties file. BCFKS is specified by default, and is recommended because it uses stronger encryption to protect the private key.

  2. Enter the passwords when prompted, using the same password for the destination keystore and the source keystore.

    NOTE: If these passwords don't match, the server will not be able to use the Java keystore and the browser will not be able to launch the application.
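
The NOTE in step 1 requires the -deststoretype value to match servletengine.ssl.keystoretype in container.properties. The following shell script is an added example, not part of the original documentation or the product's tooling; it reads that property and compares it with the type you plan to pass to keytool. The function names and the sample file contents are constructed for illustration.

```shell
#!/bin/sh
# Added example (not vendor code): pre-flight check for the NOTE in step 1.

# Print servletengine.ssl.keystoretype from a Java properties file.
# Accepts '=', ':' or whitespace separators, skips '#' and '!' comment
# lines, and keeps the last definition, as java.util.Properties does.
keystore_type_from_props() {
    awk -v key="servletengine.ssl.keystoretype" '
        /^[ \t]*[#!]/ { next }
        {
            line = $0
            sub(/^[ \t]+/, "", line)
            if (substr(line, 1, length(key)) != key) next
            rest = substr(line, length(key) + 1)
            if (rest !~ /^[ \t]*[=:]|^[ \t]+/) next   # a longer key name
            sub(/^[ \t]*[=:]?[ \t]*/, "", rest)       # drop the separator
            sub(/[ \t\r]+$/, "", rest)                # trailing space / CR
            value = rest; found = 1
        }
        END { if (!found) exit 1; print value }
    ' "$1"
}

# check_deststoretype FILE TYPE: succeed only if TYPE, the value planned
# for -deststoretype, equals the server setting. The comparison ignores
# case, which is an assumption about how the server reads the value.
check_deststoretype() {
    configured=$(keystore_type_from_props "$1") || {
        echo "servletengine.ssl.keystoretype not found in $1" >&2
        return 2
    }
    want=$(printf '%s' "$2" | tr '[:lower:]' '[:upper:]')
    have=$(printf '%s' "$configured" | tr '[:lower:]' '[:upper:]')
    if [ "$want" = "$have" ]; then
        echo "OK: -deststoretype $2 matches the server setting"
    else
        echo "MISMATCH: server expects $configured, command uses $2" >&2
        return 1
    fi
}

# Constructed sample container.properties, for demonstration only.
sample=$(mktemp)
printf '%s\n' '# SSL settings' \
    'servletengine.ssl.keystoretype = BCFKS' > "$sample"
check_deststoretype "$sample" BCFKS
rm -f "$sample"
```

Run check_deststoretype against the server's real container.properties before step 1; exit status 1 means the types differ and 2 means the property was not found.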