Cryptography - JKS (Java Keystore)

About

In the JDK implementation of JKS, a keystore may contain both:

Utility

Management

List

with Cryptography - Keytool (Key and Certificate Management Tool)

keytool -keystore "$JAVA_HOME\jre\lib\security\cacerts" -storepass changeit -list

Import Certificate

keytool -import \
    -alias example \
    -keystore  /home/security/cacerts \
    -file azurehdinsightnet.crt

Import Key

  • from pem to pkcs12 with openssl

Important: To pass the password inline, you need to add the pass: prefix.

openssl pkcs12 -export \
  -name key-alias \
  -in key.pem \
  -out key.pkcs12 \
  -passin 'pass:secretout' \
  -passout 'pass:secretOut'

# pkcs12 to jks: -srcstorepass is the password set with -passout above
keytool -importkeystore -v \
    -alias key-alias \
    -destalias key-alias \
    -srckeystore key.pkcs12 \
    -srcstoretype PKCS12 \
    -destkeystore keystore.jks \
    -deststoretype JKS \
    -destkeypass 'pwd' \
    -deststorepass 'pwd' \
    -srcstorepass 'secretOut' \
    -noprompt

Export

keytool -export \
    -alias alias \
    -file certificate_export.cer \
    -keystore /home/conf/keystore.jks

to Pkcs12

keytool -importkeystore -srcstoretype JKS -srckeystore infa_keystore.jks -deststoretype PKCS12 -destkeystore infa_keystore.pkcs12

to Pem

Steps

# -nodes writes the private key unencrypted to keystore.pem
openssl pkcs12 \
    -in keystore.pkcs12 \
    -nodes \
    -out keystore.pem
