Import a PKCS#12 File into a Java Keystore

This procedure uses the Java keytool utility to create a Java keystore from a PKCS#12 file.

Before you begin

  • You need a PKCS#12 (*.p12 or *.pfx) containing your CA-signed FileXpress Gateway server certificate and private key.
  • You need to know the password that protects this file.

To import a PKCS#12 file into a Java keystore

  1. Use the -importkeystore option to create a Java keystore (newkeystore.jks in this example). For example:

    keytool -importkeystore -v -srckeystore cert_file.p12 -srcstoretype PKCS12 -destkeystore newkeystore.jks -deststoretype JCEKS

    Note: The keystore type you specify for deststoretype must match the type specified for servletengine.ssl.keystoretype in the server's container.properties file. JCEKS is specified by default, and is recommended because it uses a stronger encryption for protecting the private key.

  2. Enter passwords when prompted using the same password for destination keystore and source keystore.

    Note: If these passwords don't match, the server will not be able to use the Java keystore and the browser will not be able to launch the application.