I have a question about SSL certificates.
I use Openssl to generate the certificate: I followed this tutorial. My goal is to generate:
- .crt
- .key
- .pem
Is possible to obtain the same files using keytool?
Asked
Active
Viewed 3,437 times
1 Answers
2
This StackOverflow question outlines obtaining certificates from a Java keystore like you would generate with keytool in PEM and PKCS#12 format. In short:
$ keytool -importkeystore -srckeystore srckeystore.jks -destkeystore dest.p12 -srcstoretype jks -deststoretype pkcs12
$ openssl pkcs12 -in dest.p12 -out dest.pem
You will end up with your keys and certs in PEM format, as well as a PKCS#12 copy of the keystore. Note that this still requires using openSSL to convert the PKCS#12 keystore to .PEM format. If you export directly from JKS to PEM you will not get the private keys out of the store.
-
One question: If I generate my certificate using keytool (I obtain the .crt file). I need also .key file (as as I use openssl to obtain .crt and .key). Is possible to extract also .key file using keytool? – Safari Nov 13 '13 at 10:16
-
1The .pem file you get from the above operation will give you a pem with both the certs and keys. A .key file is typically just a plaintext file containing the key, which is the same as a pem file. You can just extract the key info from the pem and put it into a .key file. – phoebus Nov 13 '13 at 19:33