Problem : I need to access a webservice of a provider. The provider gave to me a .cert file and a .p12 file.

The private key p12 is not easy to manage in java. The default Key Store (cacert) doesn’t manage private keys.

I’m using apache cxf to access the webservice.


  1. Create a new Key Store for your private key and import the p12 file
keytool -importkeystore -srckeystore privateKeyFile.p12 -srcstoretype PKCS12 -destkeystore personalKeyStore.jks

The .cert file should be imported in the cacert file:

You can easily access the certificate and the personal key from cxf using the following configuration.

For the private.jks store you need two passwords:

One password to access the file private.jks: ‘storePassword’

One password to access the private key inside the private.jks: ‘personalKeyPassword’ the provider gave to you this password.