Ask a Question

Advanced Search

Solution ID : SO23309

Last Modified : 05/02/2018

Move certificate from IIS to Weblogic 9.x


To move a certificate with it's private key from IIS to Weblogic 9, follow the steps below:

Note: JDK/JRE 1.6.x and higher must be used as the -importkeystore option is only present for keytool after 1.6

  1. Export certificate with it's private key from IIS as a .pfx file: AR214
  2. Move the .pfx file to the bin file where keytool.exe is located.
  3. Run the conversion command from PFX to JKS:
    $JAVA_HOME/bin/keytool -v -importkeystore -srckeystore exportedkeycert.pfx -srcstoretype PKCS12 -destkeystore createkeycert.jks -deststoretype JKS

    Enter destination keystore password:
    Re-enter new password:
    Enter source keystore password:

    Entry for alias eb3d8fcfbdff9ed72c434fd65b6225ef_d155d0e5-630f-4834-812c-a3789e301
    272 successfully imported.
    Import command completed:  1 entries successfully imported, 0 entries failed or cancelled

    [Storing createdkeycert.jks]
  4. View the content of the JKS to obtain the original Alias:
    $JAVA_HOME/bin/ keytool -list -v -keystore createdkeycert.jks

    Enter keystore password:
    Keystore type: JKS
    Keystore provider: SUN

    Your keystore contains 1 entry

    Alias name: eb3d8fcfbdff9ed72c434fd65b6225ef_d155d0e5-630f-4834-812c-a3789e3272

    Creation date: 17-Sep-2013
    Entry type: PrivateKeyEntry
    Certificate chain length: 4
  5. Change the original alias to a simplier alias:
    $JAVA_HOME/bin/keytool -keystore createdkeycert.jks -storepass password -changealias -alias eb3d8fcfbdff9ed72c434fd65b6225ef_d155d0e5-630f-4834-812c-a3789e3272 -keypass password -destalias weblogicalias
  6. Assign new JKS file to Weblogic 9: AR1127