A Java keystore (JKS) file contains public certificates and cryptographic keys. It is protected by a password and used in Java applications. Other consumers of public certificates and cryptographic keys, for example tools or software libraries, might not accept the JKS format. In that case, the Java keystore file can be converted into a different format.
PEM is a widely used format that can contain certificates as well as private keys. Conversion between these formats is a multistep process. keytool is one tool used for the conversion; it is part of the JDK or JRE. The second tool is openssl.
List certificates in a source JKS repository
keytool -list -v -keystore source_keystore.jks
The alias identifies certificates and keys.
Convert the JKS format into the intermediate PKCS #12 format.
keytool -importkeystore -alias <alias from previous step> -srckeystore source_keystore.jks -destkeystore intermediate.p12 -srcstoretype jks -deststoretype pkcs12 -srcstorepass <source keystore password> -deststorepass 123456 -destkeypass 123456
The alias parameter can be omitted if there is only 1 entry. deststorepass and destkeypass can have any values, but they have to match the password value in the next step.
Output
Importing keystore source_keystore.jks to intermediate.p12...
Create the final unencrypted PEM file.
Option #1. One file containing both a certificate and a cryptography key.
openssl pkcs12 -in intermediate.p12 -nodes -out output.pem -password pass:123456
Output
MAC verified OK
Option #2. Two files with a certificate and a cryptography key.
Certificate
openssl pkcs12 -in intermediate.p12 -nokeys -out output.crt -password pass:123456
Key
openssl pkcs12 -in intermediate.p12 -nocerts -nodes -out output.key -password pass:123456
Output
MAC verified OK
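The Option #2 extraction written as a shell function, as an added example that is not part of the original article: the PKCS #12 password is read from an environment variable (arguments such as pass:123456 are visible in the process list), and the unencrypted key is created owner-only and then checked. The names extract_pem, audit_pem and P12_PASS are assumptions of this example.

```shell
#!/bin/sh
# Added example, not from the original article. extract_pem, audit_pem and the
# P12_PASS variable are names assumed here; file names follow the article.

# audit_pem FILE
# Prints "cert=N clearkey=N enckey=N mode=MODE". Returns 1 when FILE holds a
# clear-text private key and is accessible to group or others.
audit_pem() {
    f=$1
    counts=$(awk '
        /^-----BEGIN .*CERTIFICATE-----/         { cert++ }
        /^-----BEGIN ENCRYPTED PRIVATE KEY-----/ { enc++; next }
        /^-----BEGIN .*PRIVATE KEY-----/         { clear++; last = 1; next }
        last && /^Proc-Type: 4,ENCRYPTED/        { clear--; enc++ }  # legacy encrypted PEM
        { last = 0 }
        END { printf "cert=%d clearkey=%d enckey=%d", cert, clear, enc }
    ' "$f") || return 2
    mode=$(ls -ld "$f" | cut -c1-10)
    echo "$counts mode=$mode"
    case "$counts" in *"clearkey=0 "*) return 0 ;; esac
    case "$mode" in ????------) return 0 ;; *) return 1 ;; esac
}

# extract_pem P12 CERT_OUT KEY_OUT
# Option #2 from the article, with the PKCS #12 password taken from the
# exported P12_PASS variable rather than from the command line, and the
# unencrypted key file restricted to its owner.
extract_pem() {
    p12=$1; cert=$2; key=$3
    [ -n "${P12_PASS:-}" ] || { echo "export P12_PASS first" >&2; return 2; }
    openssl pkcs12 -in "$p12" -nokeys -out "$cert" -passin env:P12_PASS || return 1
    rm -f "$key"    # a pre-existing file would keep its old, possibly wider, mode
    ( umask 077
      openssl pkcs12 -in "$p12" -nocerts -nodes -out "$key" -passin env:P12_PASS
    ) || return 1
    audit_pem "$key"
}

# Usage: export P12_PASS, then
#   extract_pem intermediate.p12 output.crt output.key
```

audit_pem can also be run on the output.pem from Option #1, which holds the certificate and the clear-text key in one file.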