
Generate a Salesforce Compatible JKS From PFX or P12

Publish Date: Feb 20, 2025
Description

Sometimes certificate authorities answer a certificate signing request with a file that is not in a format Salesforce supports (CRT, CER, JKS), but in PFX or P12 format. In these cases, you cannot upload the signed certificate as a match to the certificate signing request.

This article shows how to split the PFX or P12 certificate into its individual parts and reassemble them as a Salesforce-supported JKS (Java KeyStore) file.

Resolution

If you have a signed certificate as PFX or P12, perform the steps below.

  1. Install OpenSSL and Java Keystore locally.
  2. Move the PFX to the OpenSSL folder.
  3. Open OpenSSL as an admin.
  4. Run the command below to export the private key from the pkcs12 file:

     openssl pkcs12 -in certname.p12 -nocerts -out privateKey.pem -nodes

     This returns a password-protected private key.

  5. Run the command below to export the public key from the pkcs12 file:

     openssl pkcs12 -in certname.p12 -clcerts -nokeys -out publicCertNew.pem

  6. Convert the private key into pkcs8 format:

     openssl pkcs8 -topk8 -in privateKey.pem -out privateKey-pkcs8.pem

  7. Import the private key and certificate chain into a new pkcs12 file for each certificate:

     openssl pkcs12 -export -in publicCertNew.pem -inkey privateKey-pkcs8.pem -name demotest1 -out demotest1.p12

  8. Import those pkcs12 files into a Java keystore file:

     keytool -v -importkeystore -srckeystore demotest1.p12 -srcstoretype PKCS12 -destkeystore demotest1.jks -deststoretype JKS

  9. Upload the JKS file to Salesforce (Setup | Security | Certificate and Key Management | Import from Keystore).
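
Steps 4 to 8 as one non-interactive script, as an added example that is not Salesforce's own code: it also checks that the extracted certificate belongs to the extracted private key and deletes the intermediate key files. The function names and the environment variables P12_PASS and JKS_PASS are assumptions of this example.

```bash
#!/usr/bin/env bash
# Added example, not Salesforce's script. Passwords are read from the
# environment (assumed names P12_PASS, JKS_PASS) so they never appear in the
# process list.

# Steps 4-5: split the PKCS#12 file. -nodes writes privateKey.pem UNENCRYPTED,
# hence the umask; the caller must delete the work directory afterwards.
p12_to_parts() {  # p12_to_parts <in.p12> <workdir>
  ( umask 077
    openssl pkcs12 -in "$1" -nocerts -nodes -passin env:P12_PASS \
      -out "$2/privateKey.pem" &&
    openssl pkcs12 -in "$1" -clcerts -nokeys -passin env:P12_PASS \
      -out "$2/publicCertNew.pem" )
}

# The certificate belongs to the key only if both yield the same public key.
# An unreadable or unparsable file counts as a mismatch.
key_matches_cert() {  # key_matches_cert <key.pem> <cert.pem>
  local from_key from_cert
  from_key=$(openssl pkey -in "$1" -pubout 2>/dev/null) || return 1
  from_cert=$(openssl x509 -in "$2" -pubkey -noout 2>/dev/null) || return 1
  [ -n "$from_key" ] && [ "$from_key" = "$from_cert" ]
}

# Steps 4-8 end to end; the work directory is removed on success and failure.
p12_to_jks() {  # p12_to_jks <in.p12> <alias> <out.jks>
  local work rc=0
  work=$(mktemp -d) || return 1
  {
    p12_to_parts "$1" "$work" &&
    key_matches_cert "$work/privateKey.pem" "$work/publicCertNew.pem" &&
    openssl pkcs8 -topk8 -in "$work/privateKey.pem" -passout env:JKS_PASS \
      -out "$work/privateKey-pkcs8.pem" &&
    openssl pkcs12 -export -in "$work/publicCertNew.pem" \
      -inkey "$work/privateKey-pkcs8.pem" -passin env:JKS_PASS \
      -name "$2" -passout env:JKS_PASS -out "$work/$2.p12" &&
    keytool -importkeystore -srckeystore "$work/$2.p12" -srcstoretype PKCS12 \
      -srcstorepass:env JKS_PASS -destkeystore "$3" -deststoretype JKS \
      -deststorepass:env JKS_PASS &&
    # Confirm the keystore holds a key pair, not just a trusted certificate.
    keytool -list -keystore "$3" -storepass:env JKS_PASS -alias "$2" |
      grep -q PrivateKeyEntry
  } || rc=1
  rm -rf "$work"
  return "$rc"
}

if [ "$#" -eq 3 ]; then p12_to_jks "$@"; fi
```

Run it as `P12_PASS=... JKS_PASS=... ./script.sh certname.p12 demotest1 demotest1.jks`; the script file name is a placeholder.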


Knowledge Article Number

000381987

 