Converting certificates to/from Java keystore and OpenSSL

Convert from Java Keystore to Openssl:

Export:

keytool -importkeystore -srckeystore {path_to}/keystore.jks -srcstorepass password -srckeypass password -destkeystore {path_to}/keystore.p12 -deststoretype PKCS12 -srcalias hostname -deststorepass password -destkeypass password

Split into private key and certificate:

openssl pkcs12 -in {path_to}/keystore.p12 \
-passin pass:password  -nokeys \
-out {path_to}/cert.pem

openssl pkcs12 -in {path_to}/keystore.p12 \
-passin pass:password -nocerts \
-out {path_to}/private.key -passout pass:password

Convert from OpenSSL to Java Keystore:

Merge private key and cert file to single .p12

openssl pkcs12 -export \
-in {path_to}/cert.pem \
-inkey {path_to}/private.key \
-out {path_to}/keystore.p12 \
-name hostname -passin pass:password -passout pass:password

Import

keytool -importkeystore -srckeystore /tmp/hostname.p12 -srcstoretype PKCS12 \ 
-srcstorepass password -alias hostname -deststorepass password \
-destkeypass password -destkeystore {path_to}/keystore.jks

Converting certificates to/from Java keystore and OpenSSL

By randy

Share this post

Related posts