About
In the JDK implementation of JKS, a keystore may contain both:
Utility
command line:
Gui:
- Porte-cle: http://portecle.sourceforge.net/ (download)
Management
List
with Cryptography - Keytool (Key and Certificate Management Tool)
keytool -keystore "$JAVA_HOME\jre\lib\security\cacerts" -storepass changeit -list
Import Certificate
- Import a certificate
keytool -import \
-alias example \
-keystore /home/security/cacerts \
-file azurehdinsightnet.crt
Import Key
openssl pkcs12 -export \
-name key-alias
-in key.pem \
-out key.pkcs12 \
-passin 'pass:secretout' \
-passout 'pass:secretOut'
- Import a private key
keytool -importkeystore -v \
-alias key-alias \
-destalias key-alias \
-srckeystore key.pkcs12 \
-srcstoretype PKCS12 \
-destkeystore keystore.jks \
-deststoretype JKS \
-destkeypass 'pwd' \
-deststorepass 'pwd' \
-srcstorepass 'pwd' \
-noprompt
Export
keytool -export \
-alias alias \
-file certificate_export.cer \
-keystore /home/conf/keystore.jks
to Pkcs12
keytool -importkeystore -srcstoretype JKS -srckeystore infa_keystore.jks -deststoretype PKCS12 -destkeystore infa_keystore.pkcs12
to Pem
Steps
- Get a pkcs12
openssl pkcs12 \
-in keystore.pkcs12
-nodes \
-out keystore.pem