I created a KeyStore and from that KeyStore I generate a CSR file. When I received Signed Certificate from CA, I imported root and intermediate certificates and signed certificate to my KeyStore.
After I add signed certificate I got "certificate reply was installed in keystore" response. In this format I can use my KeyStore in Tomcat. However, for another application container I need only private key containing PEM encoded file. When I try to export private key as follows:
keytool -importkeystore -srckeystore server.jks -destkeystore server.pkcs \
-srcstoretype JKS -deststoretype PKCS12
openssl pkcs12 -in server.pkcs -out server.pem
I am getting a PEM file which only contains certificate info, and not private key.
So is it possible to export private key after establishing a certificate chain in KeyStore? If it is, then how?