Supported types of certificates

Core certificate functionality comes from Bouncycastle, and this keytool pluing currently supports: JKS and PKCS #12.


JKS stands for Java Keystore, and is what is mainly used in java.
It's SUN's keyring format including private keys, authentication chain and friendly name. The keystore can import/export X.509 certificates.

Default extension: .cer for certificates, and .keystore, cacerts for keystores.

PKCS #12

Personal Information Exchange, is a keystore that can contain one or more certificates.
Internet Explorer can import PKCS #12 keystores.

Default extension: .pfx, p12.