Convert JKS file to pem file+ Convert a Java Keystore Into PEM Format+convert keystore to pk12 file+convert JKS to pk12 file
ReportPlease briefly explain why you feel this question should be reported .
Creating a JKS file with a single RSA key pair value:
keytool -genkey -keyalg RSA -v -keystore xxx_keystore.jks -alias xxx_key-pair
It will ask to enter the KeyStore password and enter details/information about the key pair.
keytool -genkey -keyalg RSA -v -keystore xxx_keystore.jks -alias yyy-key-pair
The first step in the conversion process: – convert the JKS into PKCS#12 using keytool:
keytool -importkeystore -srckeystore xxx_keystore.jks -destkeystore keystore.p12 -deststoretype pkcs12
Again, it will ask the password prompts — first will ask for the password of the original JKS or certificate, and the other will ask us to create a password for the resulting/new file PKCS#12 KeyStore.
And, following output will be displayed in command line or terminal:
Entry for alias first-key-pair successfully imported.
Entry for alias second-key-pair successfully imported.
Import command completed: 2 entries successfully imported, 0 entries failed or cancelled
Some commands to play:
keytool -importkeystore -srckeystore mycert.jks -destkeystore keystore.p12 -deststoretype PKCS12
For apache ssl certificate file you need certificate only:
openssl pkcs12 -in keystore.p12 -nokeys -out my_key_store.crt
For ssl key file you need only keys:
openssl pkcs12 -in keystore.p12 -nocerts -nodes -out my_store.key
keytool -importkeystore -srckeystore x509_integration_client_keystore.jks -destkeystore keystore.p12 -deststoretype PKCS12
JKS to Pem
keytool -genkey -keyalg RSA -v -keystore keystore_x509_integration.jks -alias first-key-pair
keytool -genkey -keyalg RSA -v -keystore keystore_x509_integration.jks –alias second-key-pair
keytool -importkeystore -srckeystore keystore_x509_integration.jks -destkeystore keystore_x509_integration.jks -deststoretype pkcs12
openssl pkcs12 –in keystore_x509_integration.jks -out keystore_x509_integration.pem
- This will prompt us for the PKCS#12 KeyStore password and a PEM passphrase for each alias. The PEM passphrase is used to encrypt the resulting private key.
- If we don’t want to encrypt the resulting private key, we should instead use:
- openssl pkcs12 -nodes -in keystore.p12 -out keystore.pem
openssl pkcs12 -in keystore_x509_integration.jks -nokeys -out keystore_x509_integration.crt
openssl pkcs12 -in keystore_x509_integration.jks -nocerts -nodes -out keystore_x509_integration.key
Leave an answer