There's no way to "directly" export anything other than the certificate. You will need to go through an intermediate step in a PKCS12 format.
keytool -importkeystore -srckeystore rec.jks -destkeystore rec.p12 -deststoretype PKCS12
This will prompt for source and destination passphrases. If you need to automate this, use PW=somepass keytool -srcpass:env PW ...
or keytool -srcstorepass:file filecontainingpass ...
, and similarly for -deststorepass
And from there, you can use openssl to convert the PKCS12 file to standard PEM:
openssl pkcs12 -in rec.p12 -out rec.pem
This too will prompt for passphrases. Use -passin env:PW
or -passin file:filename
and -passout
options, or -nodes
if you dont want the resulting key encrypted, but be careful about where you're writing this to.
The resulting file will contain your key, certificate, and probably the full certificate chain.