Convert JKS file to pem file+ Convert a Java Keystore Into PEM Format+convert keystore to pk12 file+convert JKS to pk12 file

Report
Question

Please briefly explain why you feel this question should be reported .

Report
Cancel

Creating a JKS file with a single RSA key pair value:
keytool -genkey -keyalg RSA -v -keystore xxx_keystore.jks -alias xxx_key-pair

It will ask to enter the KeyStore password and enter details/information about the key pair.
keytool -genkey -keyalg RSA -v -keystore xxx_keystore.jks -alias yyy-key-pair The first step in the conversion process: – convert the JKS into PKCS#12 using keytool:
keytool -importkeystore -srckeystore xxx_keystore.jks -destkeystore keystore.p12 -deststoretype pkcs12
Again, it will ask the password prompts — first will ask for the password of the original JKS or certificate, and the other will ask us to create a password for the resulting/new file PKCS#12 KeyStore.

And, following output will be displayed in command line or terminal:
Entry for alias first-key-pair successfully imported.
Entry for alias second-key-pair successfully imported.
Import command completed: 2 entries successfully imported, 0 entries failed or cancelled

Some commands to play:
keytool -importkeystore -srckeystore mycert.jks -destkeystore keystore.p12 -deststoretype PKCS12
 
For apache ssl certificate file you need certificate only:
openssl pkcs12 -in keystore.p12 -nokeys -out my_key_store.crt
For ssl key file you need only keys:
openssl pkcs12 -in keystore.p12 -nocerts -nodes -out my_store.key
 
keytool -importkeystore -srckeystore x509_integration_client_keystore.jks -destkeystore keystore.p12 -deststoretype PKCS12
 

 
JKS to Pem
 
keytool -genkey -keyalg RSA -v -keystore keystore_x509_integration.jks -alias first-key-pair
 

 
keytool -genkey -keyalg RSA -v -keystore keystore_x509_integration.jksalias second-key-pair
 

 
keytool -importkeystore -srckeystore keystore_x509_integration.jks -destkeystore keystore_x509_integration.jks -deststoretype pkcs12
 

 
openssl pkcs12 –in keystore_x509_integration.jks -out keystore_x509_integration.pem
 

 

  • This will prompt us for the PKCS#12 KeyStore password and a PEM passphrase for each alias. The PEM passphrase is used to encrypt the resulting private key.

 

 

  • If we don’t want to encrypt the resulting private key, we should instead use:

 

 

  • openssl pkcs12 -nodes -in keystore.p12 -out keystore.pem

 

 

 
openssl pkcs12 -in keystore_x509_integration.jks -nokeys -out keystore_x509_integration.crt
 

 
openssl pkcs12 -in keystore_x509_integration.jks -nocerts -nodes -out keystore_x509_integration.key
 

0
Manimaran Samuthirapandi 1 year 2021-09-15T13:50:39+02:00 0 Answers 39 views 0

Leave an answer

Captcha Click on image to update the captcha .