Importing a java keystore jks file to Salesforce

I had a certificate which needed import into Salesforce, and one of the options provided to me was to put it into a java keystore, which could easily be imported. Since the file I had available to me wasn’t in the keystore format, I had to figure out how to import it into a keystore on my Mac using the keytool library. I had a pfx file to me, but the same principle can be applied to a .cer file as well.

Here are the commands using java’s keytool to perform this:


keytool -importkeystore -srckeystore {pfxfile} -srcstoretype pkcs12 -keystore keystore.jks

This prompted me for the passwords, and generated a keystore.jks file.

The key was imported into the keystore with the alias “le-9c090e06-14af-4ddd-b5fe-6ac9af45ea18″, which has an unacceptable format:

Error: Keystore contains an entry whose alias is not acceptable for import

Thanks to the Salesforce help, it was a quick and easy keytool command to rename it:

keytool -keystore keystore.jks -changealias -alias le-9c090e06-14af-4ddd-b5fe-6ac9af45ea18 -destalias {compliant_name}

I was then able to import the jks file into Salesforce via Setup => Security and Controls => Certificate and Key Management => Import from Keystore.

This entry was tagged , , . Bookmark the permalink.