Cryptography - JKS (Java Keystore)

About

In the JDK implementation of JKS, a keystore may contain both:

key entries
and trusted certificate entries.

Utility

command line:

Cryptography - Keytool (Key and Certificate Management Tool)

Gui:

Porte-cle: http://portecle.sourceforge.net/ (download)
https://keystore-explorer.org

Management

List

with Cryptography - Keytool (Key and Certificate Management Tool)

keytool -keystore "$JAVA_HOME\jre\lib\security\cacerts" -storepass changeit -list

Import Certificate

Import a certificate

keytool -import \
    -alias example \
    -keystore  /home/security/cacerts \
    -file azurehdinsightnet.crt

Import Key

from pem to pkcs12 with openssl To pass the password inline, you need to add the pass: prefix.

openssl pkcs12 -export  \
  -name key-alias
  -in key.pem \
  -out key.pkcs12 \
  -passin 'pass:secretout' \
  -passout 'pass:secretOut'

Import a private key

keytool -importkeystore -v \
    -alias key-alias \
    -destalias key-alias \
    -srckeystore key.pkcs12 \
    -srcstoretype PKCS12 \
    -destkeystore keystore.jks \
    -deststoretype JKS \
    -destkeypass 'pwd' \
    -deststorepass 'pwd' \
    -srcstorepass 'pwd' \
    -noprompt

Export

keytool -export \
    -alias alias \
    -file certificate_export.cer \
    -keystore /home/conf/keystore.jks

to Pkcs12

to pkcs12 with keytool

keytool -importkeystore -srcstoretype JKS -srckeystore infa_keystore.jks -deststoretype PKCS12 -destkeystore infa_keystore.pkcs12

to Pem

Steps

Get a pkcs12
Then to pem with openssl

openssl pkcs12 \
    -in keystore.pkcs12 
    -nodes \
    -out keystore.pem