10

I want to extract certificate from a .p12 file. I can't use openssl as it is not allowed in my organization.

Is keytool able to extract the certificate, or is there any other way by which I can get this certificate extracted?

Do I require the password for the private key for this?

Martijn
  • 11,964
  • 12
  • 50
  • 96
Vaibhav Dwivedi
  • 115
  • 1
  • 3
  • 8

2 Answers2

13

You can use this Keytool command to export certificate from a KeyStore.

keytool -exportcert -keystore KEYSTORE_ABSOLUTE_PATH.p12 -storetype PKCS12 -storepass KEYSTORE_PASSWORD -alias ALIAS -file EXPORTED_CERT_NAME.crt

always_a_rookie
  • 4,515
  • 1
  • 25
  • 46
5

The accepted answer will give you a certificate in binary format. If you want the resulting certificate to be in PEM format i.e text, add the keytool option -rfc like so:

keytool -exportcert -rfc //+ other options

-rfc – Will output in PEM format as defined by RFC 1421.

Result

This will give you a readable certificate
-----BEGIN CERTIFICATE-----
body
-----END CERTIFICATE-----.

jumping_monkey
  • 5,941
  • 2
  • 43
  • 58