Exporting Keys from a JKS and into the Windows Cert Store

1. Click View, Select task, Create, Keystore

      

   

      

2. Select PKCS12 as the format
3. Select a target
4. Specify a password (optional)

      

   

      

5. Click OK

1. Click View, Select task, Import, Keystore's entry, Private key, From other keystore

      

   

      

2. Select the JKS keystore
3. Specify its password (optional) . JKS keystore's have a default password of "changeit" (from what I gather)
4. Select the PKCS12 format for the target keystore
5. Specify the target keystore file
6. Enter a password for the target keystore (optional)
7. Click OK

      

   

      

8. Select the alias(es) of the key(s) you want to import into the empty PKCS12 keystore from the JKS keystore
9. Enter the password for the key ("changeit" by default)

      

   

      

10. Wave to your little Java friend up there in the corner
11. Click OK
12. Enter in the new private key's alias (to become part of the CN?)
13. Enter and confirm a password for the key (optional)
14. Wave again
15. Click OK

1. Start the MMC and add the cert snap-in for the local computer account
2. Expand the "Certificates (Local Computer)" node
3. Right-click the Personal node, select All tasks, and choose Import
4. Click Next (missing your little Java friend?)
5. Click Browse
6. Change the file filter to "Personal Information Exchange (*.pfx;*.p12)
7. Select the PKCS12 keystore you created in step 3 and click Open

      

   

      

8. Click Next
9. Enter the password for the keystore if you created; otherwise leave it blank
10. Mark the private key as exportable if you want to get it out of the Windows Cert Store at a later time
11. Click Next (Java Dude, where are you?!)
12. Use the default Cert store (Personal) and click Next
13. Click Finish!

       

Your cert will be in the Certificates subdirectory; it's thumbprint should match the output of keytool:

Thanks Duke!!!