Below are the steps to convert the JKS keystore file into CRT / PEM files(certs/keys)
- Generate PKCS12 file format with the Keystore jks file
keytool -importkeystore -srckeystore <keystore.jks> -destkeystore <keystore.p12> -deststoretype PKCS12 -srcalias <aliasName> -deststorepass <password> -destkeypass <password>In above keystore.jks is input Keystore file
keystore.p12 is the output PKCS12 file.
aliasName was the entry name in keystore file.
password is the password for the output file.
Example:>keytool -importkeystore -srckeystore keystore.jks -destkeystore keystore.p12 -deststoretype PKCS12 -srcalias selfsigned -deststorepass password -destkeypass password
Enter source keystore password: - Now convert the PKCS12 format into PEM format:
- Generate certificate in pem format without private keys:
>openssl pkcs12 -in <keystore.p12> -nokeys -out <cert.pem>
in above keystore.p12 is the input file in PKCS12 format
cert.pem is the output file in PEM format.
example:>openssl pkcs12 -in keystore.p12 -nokeys -out cert.pem
Enter Import Password:
MAC verified OK - Generate private key in pem format without certificate:
>openssl pkcs12 -in keystore.p12 -nodes -nocerts -out key.pem
Enter Import Password:
MAC verified OK - Additionally convert the keystore jks file into CRT format:
keytool -exportcert -file <keystore.crt> -keystore <keystore.jks> -alias <aliasName>
in above keystore.jks is the input Keystore jks file
aliasName is the entry name in the keystore file
keystore.crt is the output CRT file.>keytool -exportcert -file keystore.crt -keystore keystore.jks -alias selfsigned
Enter keystore password:
Certificate stored in file <keystore.crt>
