Extracting SSL certificate from the Java Keystore (JKS)
To extract SSL certificate and private key from Keystore (JKS) file, run
1 2 3 4 |
keytool -importkeystore \ -srckeystore keystore.jks \ -destkeystore keystore.p12 \ -deststoretype PKCS12 |
It will ask for the new Keystore password and current Keystore password. Once you enter the password, JKS file gets converted to P12 format.
This will include all certificates in the keystone. If you only need a specific certificate, then use
1 |
-srcalias NAME_HERE |
To see all certificates in a JKS file, see List contents of jks keystore file
To extract SSL certificate (Apache format), run
1 |
openssl pkcs12 -in keystore.p12 -nokeys -out cert.pem |
To extract Private key, run
1 |
openssl pkcs12 -in keystore.p12 -nodes -nocerts -out key.pem |
Back to keytool