Exporting Keys from a JKS and into the Windows Cert Store

  1. Run KeyTool IUI by running <root after unpacking>\ktl241sta\run_ktl.bat
  2. Create a new PKCS12 keystore
    1. Click View, Select task, Create, Keystore



    2. Select PKCS12 as the format
    3. Select a target
    4. Specify a password (optional)



    5. Click OK
  3. Import the key from the JKS keystore into the new one that you just created
    1. Click View, Select task, Import, Keystore's entry, Private key, From other keystore



    2. Select the JKS keystore
    3. Specify its password (optional). JKS keystores have a default password of "changeit" (from what I gather)
    4. Select the PKCS12 format for the target keystore
    5. Specify the target keystore file
    6. Enter a password for the target keystore (optional)
    7. Click OK



    8. Select the alias(es) of the key(s) you want to import into the empty PKCS12 keystore from the JKS keystore
    9. Enter the password for the key ("changeit" by default)



    10. Wave to your little Java friend up there in the corner
    11. Click OK
    12. Enter in the new private key's alias (to become part of the CN?)
    13. Enter and confirm a password for the key (optional)
    14. Wave again
    15. Click OK
  4. Import the key in the new PKCS12 keystore into the Windows Certificate Store
    1. Start the MMC and add the cert snap-in for the local computer account
    2. Expand the "Certificates (Local Computer)" node
    3. Right-click the Personal node, select All tasks, and choose Import
    4. Click Next (missing your little Java friend?)
    5. Click Browse
    6. Change the file filter to "Personal Information Exchange (*.pfx;*.p12)"
    7. Select the PKCS12 keystore you created in step 3 and click Open



    8. Click Next
    9. Enter the password for the keystore if you created one; otherwise leave it blank
    10. Mark the private key as exportable if you want to get it out of the Windows Cert Store at a later time
    11. Click Next (Java Dude, where are you?!)
    12. Use the default Cert store (Personal) and click Next
    13. Click Finish!


Your cert will be in the Certificates subdirectory; its thumbprint should match the output of keytool.
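The thumbprint comparison can be scripted instead of read off by eye. This is an added example, not part of the original post; it assumes the import went to the Local Computer Personal store as in step 4, and the function names and the sample fingerprint are made up for illustration.

```powershell
# Added example. Get the real fingerprint from the SHA1 line printed by:
#   keytool -list -v -keystore <your.p12> -storetype PKCS12

function ConvertTo-Thumbprint {
    param([Parameter(Mandatory)][string]$Fingerprint)
    # keytool prints AB:CD:...; the Windows store shows ABCD... (no separators)
    $hex = ($Fingerprint -replace '[:\s]', '').ToUpperInvariant()
    if ($hex -notmatch '^[0-9A-F]{40}$') {
        throw "Not a SHA-1 fingerprint (expected 40 hex digits): $Fingerprint"
    }
    $hex
}

function Find-ImportedCertificate {
    param(
        [Parameter(Mandatory)][string]$KeytoolFingerprint,
        # "Personal" under "Certificates (Local Computer)"
        [string]$StorePath = 'Cert:\LocalMachine\My'
    )
    $thumb = ConvertTo-Thumbprint $KeytoolFingerprint
    $match = Get-ChildItem -Path $StorePath |
        Where-Object { $_.Thumbprint -eq $thumb }
    if (-not $match) {
        Write-Warning "No certificate with thumbprint $thumb in $StorePath"
        return
    }
    # HasPrivateKey tells you whether the key came across, not just the cert
    $match | Select-Object Subject, Thumbprint, NotAfter, HasPrivateKey
}

# Usage with a constructed placeholder fingerprint (replace with keytool's output):
# Find-ImportedCertificate -KeytoolFingerprint '00:11:22:33:44:55:66:77:88:99:AA:BB:CC:DD:EE:FF:00:11:22:33'
```

The Windows thumbprint is the SHA-1 hash of the certificate, so compare it against keytool's SHA1 line, not the MD5 or SHA256 one. If `HasPrivateKey` comes back `False`, only the certificate was imported and the private key did not make it into the store.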



    Thanks Duke!!!