
The Apple server requires a CSR (Certificate Signing Request) in order for Apple MFi to provide a PEM certificate.

I generated the CSR with the following keyhole commands:

```
keytool -genkeypair -keystore mycompany.jks -alias mycompany.com -keyalg RSA -keysize 2048 -dname "CN=MFi-111111, O=MYCOMPANY Inc."
keytool -certreq -keystore mycompany.jks -alias mycompany.com -sigalg SHA256withRSA
```

But when I want to connect to the Apple server, I am required to use the private key with the certificate I got from Apple.

How do I generate the private key with keytool from mycompany.jks?

MOHAMED
  • You _already_ generated the private key and it is in the keystore file. What are you trying to do with it? If you want to use this for client auth on an SSL/TLS connection (including HTTPS) you must first 'import' the reply from the CA, and either code the keystore explicitly (which would be on-topic, show your code) or set system properties `javax.net.ssl.keyStore{,Password,Type}`. Note in j9 up `keytool` creates PKCS12 not JKS by default so using suffix `jks` may be misleading, and in 8u60 up you usually don't need to specify type for a file-based keystore. PS: keyhole != keytool. – dave_thompson_085 Sep 22 '22 at 11:14

1 Answer

First, export from the keystore file ("JKS") to the standardized format PKCS:

```
keytool -importkeystore -srckeystore mycompany.jks -destkeystore keystore.p12 -deststoretype PKCS12 -srcalias mycompany.com -deststorepass mypassword -destkeypass mypassword
```

Then, with openssl, export the unencrypted private key (convert from p12 to PEM):

```
openssl pkcs12 -in keystore.p12 -nodes -nocerts -out key.pem
```
MOHAMED
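A check to run after the export above, as an added example that is not part of the original question or answer: it confirms that an exported `key.pem` carries the same public key as the certificate returned by the CA, and that the unencrypted key file written by `-nodes` is readable by its owner only. The function names and the file names `cert.pem` and `other.pem` are assumptions, and the sample key and self-signed certificate are constructed stand-ins.

```shell
#!/bin/sh
# Added example, not from the original post. File and function names are assumptions.

# Succeeds only if the private key in $1 and the certificate in $2
# carry the same public key (compared as SubjectPublicKeyInfo PEM).
key_matches_cert() {
    key_pub=$(openssl pkey -in "$1" -passin pass: -pubout 2>/dev/null) || return 2
    cert_pub=$(openssl x509 -in "$2" -noout -pubkey 2>/dev/null) || return 2
    [ -n "$key_pub" ] && [ "$key_pub" = "$cert_pub" ]
}

# Succeeds only if $1 has no group/other permission bits set.
# The -nodes export is unencrypted, so file permissions are its only protection.
key_is_private() {
    perms=$(ls -ld "$1" 2>/dev/null | cut -c5-10)
    [ "$perms" = "------" ]
}

# Constructed sample data: a throwaway key, a self-signed certificate standing
# in for the CA reply, and an unrelated second key. Nothing here comes from Apple.
make_sample() {
    dir=$1
    ( umask 077
      openssl genpkey -algorithm RSA -pkeyopt rsa_keygen_bits:2048 \
          -out "$dir/key.pem" 2>/dev/null &&
      openssl genpkey -algorithm RSA -pkeyopt rsa_keygen_bits:2048 \
          -out "$dir/other.pem" 2>/dev/null
    ) || return 1
    openssl req -new -x509 -key "$dir/key.pem" -days 1 \
        -subj "/CN=MFi-111111/O=MYCOMPANY Inc." -out "$dir/cert.pem" 2>/dev/null
}

# Demo on the constructed data: sh check_key.sh demo
if [ "${1:-}" = "demo" ]; then
    tmp=$(mktemp -d) || exit 1
    make_sample "$tmp" || exit 1
    key_matches_cert "$tmp/key.pem" "$tmp/cert.pem" && echo "key.pem matches cert.pem"
    key_matches_cert "$tmp/other.pem" "$tmp/cert.pem" || echo "other.pem does not match cert.pem"
    key_is_private "$tmp/key.pem" && echo "key.pem is owner-only"
    rm -rf "$tmp"
fi
```

Running the export under `umask 077` makes `key.pem` owner-only from the moment it is created.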