Convert JKS file to PKCS12 to connect Sitecore and Salesforce

Salesforce uses JKS files to store information about the valid certificates used for API communication. The challenge is that JKS is not a format very common in the .net applications – we more often use certs in PKCS12 format.

How to convert JKS file to PKCS12 file?

Before you start conversion it is good to verify if JKS file contains only one certificate – the one you need. To verify what is inside the JKS file you can use “KeyStore Explorer” application that you can download here.

When you open the JKS file with KeyStore Explorer you will see something like this:

When you are sure that that JKS file contains only one cert you can start conversion. For conversion, you will need access to the keytool that usually is available in the OpenJDK directory.

In my case the keytool is available in the path:
C:\Program Files\ojdkbuild\java-1.8.0-openjdk-\bin\keytool.exe

When you find the keytool you can run the following command to convert jks into pkcs12 file:

C:\Program Files\ojdkbuild\java-1.8.0-openjdk-\bin\keytool.exe' -importkeystore -srckeystore xxxxxxxxxxxxxx.jks -destkeystore xxxxxxxxxxxxxx.p12 -srcstoretype JKS -deststoretype PKCS12

Just replace “xxxxxxxxxxxxxx” file name of you jks file and the name of the p12 that should be generated.

If everything went fine you can now use your cert in a new format to sign data that you send to Salesforce. More info about that you will find in the article “Sitecore and Salesforce custom integration – Salesforce JWT bearer token generation