...
If the certificate being imported is intended to replace an existing certificate, for example in the case the original certificate has expired, the existing certificate must be removed. You can see if the certificate is already present using
keytool -list -keystore keystore.jks. The existing certificate can be removed usingkeytool -delete -alias alias_name -keystore keystore.jks.Import the .pfx file into the Java keystore using
keytool -importkeystore -srckeystore final.pfx -destkeystore keystore.jks. This will import the key chain under the alias ‘1'. Although this will technically work, it makes it difficult to identify which certificate is which.Change the alias to match the CN of the certificate using
keytool -changealias -alias 1 -destalias cn_name_of_cetificate -keystore keystore.jksEnsure everything is correct using
keytool -v -list -keystore keystore.jks
Change Private Key Password