How to convert a PKCS#12 to JKS

下面提供两种方式：
1. 使用Portecle
2. 使用Jetty的工具类
3. 使用Keytool GUI(这个工具现在不太好找，功能类似Portecle)
4. 使用OpenSSL + Keytool
5. 自己写代码（使用BouncyCastle的jar）


---------------------------------------
使用Portecle

Most of system administrators use OpenSSL (which is not a good idea, but it’s an another story) to manage their PKI. While OpenSSL is good to create/convert X509 certificates from PEM/DER to PKCS#12 (and vice versa, for sure) it doesn’t understand the JKS (Java KeyStore) format. JKS are used in Java world, for example Glassfish application server, OpenDS and so more. In this post, I’ll explain how to convert a PKCS#12 to a JKS using portecle. portecle is a small, but very useful application (written in Java) to manipulate keystores.

1. Download [url="http://portecle.sourceforge.net/"]portecle[/url], extract it, and lauch it using java -jar portecle.jar
2. Open your PKCS#12 file, provide the password
3. Click on Tools/Change KeyStore Type/JKS menu
4. If you don’t want to use the default password (which is password), click on the menu keystore password
5. Save it, that’s all folks!

You can know list the contents of your JKS using keytool:


% keytool -list -v -keystore yourkeystore.jks

from: http://blog.asyd.net/2009/07/how-to-convert-a-pkcs12-to-jks/


----------------------------------------------
使用Jetty的工具类

java -classpath jetty-6.1.3/lib/jetty-6.1.3.jar org.mortbay.jetty.security.PKCS12Import keystore.pkcs12 keystore.jks

Enter input keystore passphrase: secret
Enter output keystore passphrase: secret
Alias 0: 1
Adding key for alias 1


http://jetty.codehaus.org/jetty/jetty-6/apidocs/org/mortbay/jetty/security/PKCS12Import.html
http://conshell.net/wiki/index.php/OpenSSL_to_Keytool_Conversion_tips