A certificate file that ends in “.pfx” or “.p12” is a PKCS12 certificate file that’s commonly used for digital signing and SSL3 in Microsoft environments. Java is none too fond of these file types, and there aren’t a lot of easy ways to import them into Java keystores.

I had to try a variety of methods to change the .pfx file into something that Java was happy consuming, but encountered a variety of flaws in all of those methods.

The one method that did work was this:

  1. Open up Internet Explorer (blech)
  2. Go to the Internet Options window (from the “tools” button)
  3. On the “Content” tab, select the Certificates button.
  4. Import your .pfx file
  5. Export the newly-imported certificate as a .cer file (either DER or base-64)
  6. Import the resulting .cer file into a Java keystore using this command:
     keytool -import -alias joe -keystore my.keystore -file my_recently_exported.cer
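
A check on the result of the steps above, as an added example that is not part of the original post: a .cer export carries only the certificate, so `keytool -import` stores it as a `trustedCertEntry` with no private key. The function names and the sample listing are constructed for illustration; the listing mimics non-verbose `keytool -list` output.

```shell
#!/bin/sh
# Added example: classify keystore entries from `keytool -list` output.
# Real use (assumes the keystore from step 6):
#   keytool -list -keystore my.keystore | has_private_key joe

# Entry lines look like:  joe, Jan 5, 2024, trustedCertEntry,
# Prints "<alias> <type>" per entry. Assumes aliases contain no commas.
entry_types() {
  awk -F',' '
    match($0, /(trustedCertEntry|PrivateKeyEntry|SecretKeyEntry)/) {
      print $1, substr($0, RSTART, RLENGTH)
    }'
}

# Exit 0 only if alias $1 is a PrivateKeyEntry (certificate plus private key).
# A trustedCertEntry can verify a peer but cannot sign or serve TLS.
has_private_key() {
  entry_types | grep -Fqx "$1 PrivateKeyEntry"
}

# Constructed sample listing: "joe" was imported from a .cer file,
# "server" is a hypothetical entry that kept its private key.
sample_listing() {
  cat <<'EOF'
Keystore type: JKS
Keystore provider: SUN

Your keystore contains 2 entries

joe, Jan 5, 2024, trustedCertEntry,
Certificate fingerprint (SHA-256): <constructed placeholder>
server, Jan 5, 2024, PrivateKeyEntry,
Certificate fingerprint (SHA-256): <constructed placeholder>
EOF
}

# Demonstration on the constructed listing.
for alias in joe server; do
  if sample_listing | has_private_key "$alias"; then
    echo "$alias: certificate and private key"
  else
    echo "$alias: certificate only, no private key"
  fi
done
```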