DEV Community

shivamkapasia0

JKS - Salesforce

JKS (Java Key Store)

When you are working with Java applications and Java-based servers, you may need to configure a Java KeyStore (JKS) file.
In Salesforce, certificates are used to authenticate single sign-on with an external website.

Create Salesforce Certificate By importing JKS

If you have an existing JKS, you can create a certificate by:

  • Go to setup
  • Search for "Certificate and Key Management"
  • Click on Import from Keystore

Generate JKS

Generate a JKS file from a .key and a .cert file:

  • Prerequisite: OpenSSL & JDK
  • Change the file extensions from .key to .pem and from .cert to .pem, then run the command below in the OpenSSL command prompt from the directory that contains the files.
 openssl pkcs12 -export -in certificate_pub.pem -inkey private.pem -certfile certificate_pub.pem -out testkeystore.p12
  • Enter any password you can easily remember.
  • A testkeystore.p12 file will now be generated in your directory.
  • Now create the JKS file by running the following keytool command in cmd.
 keytool -importkeystore -srckeystore testkeystore.p12 -srcstoretype pkcs12 -destkeystore wso2carbon.jks -deststoretype JKS

Now the JKS file will be created as wso2carbon.jks.
Note: By default, [current alias] is set to “1”.
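
To confirm what the conversion produced before uploading the file to Salesforce, the following added example (not part of the original post) reads a JKS file with the Python standard library, checks its integrity digest against the store password and lists each alias with its entry type. The function names are illustrative, and the sample store is constructed with placeholder key and certificate bytes rather than real ones.

```python
import hashlib
import struct

MAGIC = 0xFEEDFEED
ENTRY_TYPES = {1: "PrivateKeyEntry", 2: "trustedCertEntry"}

def store_digest(password, body):
    # JKS integrity value: SHA-1 over UTF-16BE password, a fixed string, then the body.
    return hashlib.sha1(password.encode("utf-16-be") + b"Mighty Aphrodite" + body).digest()

def read_jks(data, password):
    """Return [(alias, entry type, certificate count)] after verifying the digest."""
    body, stored = data[:-20], data[-20:]
    magic, version, count = struct.unpack_from(">III", body)
    if magic != MAGIC:
        raise ValueError("not a JKS keystore")
    if store_digest(password, body) != stored:
        raise ValueError("wrong store password or modified keystore")
    pos = 12
    def take(fmt):  # read one big-endian integer and advance
        nonlocal pos
        pos += struct.calcsize(fmt)
        return struct.unpack_from(fmt, body, pos - struct.calcsize(fmt))[0]
    def take_bytes(n):  # read n raw bytes and advance
        nonlocal pos
        pos += n
        return body[pos - n:pos]
    entries = []
    for _ in range(count):
        kind = ENTRY_TYPES[take(">I")]
        alias = take_bytes(take(">H")).decode("utf-8")  # Java modified UTF-8, equal for ASCII
        take(">Q")  # creation time in milliseconds
        certs = 1
        if kind == "PrivateKeyEntry":
            take_bytes(take(">I"))  # encrypted private key, left untouched
            certs = take(">I")      # length of the certificate chain
        for _ in range(certs):
            if version == 2:
                take_bytes(take(">H"))  # certificate type string, e.g. "X.509"
            take_bytes(take(">I"))      # DER-encoded certificate
        entries.append((alias, kind, certs))
    return entries

def build_sample(password):
    # Constructed store: one key entry under alias "1" with placeholder key and cert bytes.
    utf = lambda s: struct.pack(">H", len(s)) + s.encode()
    entry = (struct.pack(">I", 1) + utf("1") + struct.pack(">QI", 0, 4) + b"KEY!"
             + struct.pack(">I", 1) + utf("X.509") + struct.pack(">I", 5) + b"CERT!")
    body = struct.pack(">III", MAGIC, 2, 1) + entry
    return body + store_digest(password, body)
```

For a real file, pass the bytes of wso2carbon.jks and the store password to `read_jks`; a freshly converted store should report a single PrivateKeyEntry under alias "1".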

To change the key password (keytool -keypasswd changes the password of the private key entry; the password of the keystore itself is changed with keytool -storepasswd):

keytool -keypasswd -alias [Alias name for private key] -keystore [path to key store]

e.g:

keytool -keypasswd -alias "1" -keystore wso2carbon.jks 

To change the alias name of a keystore entry (keytool prompts for the new alias name):

keytool -changealias -keystore [path to key store] -alias [current alias]

e.g:

keytool -changealias -keystore wso2carbon.jks -alias "1"

Screenshots:

[Screenshot: creating the .p12 file]
[Screenshot: creating the JKS file]

Errors:

You may encounter an error like the following while importing a certificate from the keystore:

Data Not Available

The data you were trying to access could not be found. It may be due
to another user deleting the data or a system error. If you know the
data is not deleted but cannot access it, please look at our support
page.

To solve this error, follow the steps below:

  • Go to Setup | Identity Provider
  • Press the “Enable Identity Provider” button. Once Identity Provider is enabled in the org, it creates a self-signed certificate in your org under Setup | Certificate and Key Management.
  • Try to import the certificate from your JKS through the “Import from Keystore” option; it should now succeed.

Thanks for reading! You can also find more details on creating a self-signed keystore from here
