-1

I have created a keystore using Java keytool. Below are the steps I tried.

Preparing the certificate:

keytool -genkey -keyalg RSA -alias selfsigncert -keystore "C:\path\keystore.jks" -validity 365 -keysize 2048

Convert the JKS keystore to an industry-standard PKCS12 keystore:

keytool -importkeystore -srckeystore C:\path\keystore.jks -destkeystore C:\path\keystore.p12 -deststoretype pkcs12

Export the client certificate

keytool -export -alias selfsigncert -keystore C:\path\keystore.p12 -rfc -file C:\path\my_self_cert.crt

The next step is to export the unencrypted private key. I could not find any Java keytool command to achieve this.

I found only openssl-related commands to generate the private key, like the one below:

openssl pkcs12 -in identity.p12 -nodes -nocerts -out private_key.pem

Note:

  • openssl is not installed on my system, i.e. Windows 11
  • Git is not installed on my machine

Can we achieve this using the same Java keytool rather than going with openssl?

Justin
  • Just curious, does it work with openssl? In that case, why do you need to use keytool specifically? – Nurio Fernández Jan 20 '23 at 09:08
  • Hi @NurioFernández As I stated in the question above, openssl is not installed on my system; only the JDK is installed, so I am using keytool to generate the certificate and looking for a way to get the private key using the same keytool. – Justin Jan 20 '23 at 09:12
  • *Only JDK is installed* So write some Java code. See https://security.stackexchange.com/questions/3779/how-can-i-export-my-private-key-from-a-java-keytool-keystore for an example. – Andrew Henle Jan 20 '23 at 18:41

2 Answers

0

Using Java keytool, I achieved my use case.

Creating new Keystore:

keytool -genkey -keyalg RSA -alias dev.wso2.com -keystore "C:\dummypath\resources\security\devwso2.jks" -validity 4000

Convert to pkcs12 format:

keytool -importkeystore -srckeystore C:\dummypath\resources\security\devwso2.jks -destkeystore C:\dummypath\resources\security\devwso2.jks -deststoretype pkcs12

Export public certificate:

keytool -exportcert -alias dev.wso2.com -rfc -file "C:\dummypath\resources\security\devwso2.pem" -keystore "C:\dummypath\resources\security\devwso2.jks"

Import the certificate into the trust store:

keytool -import -alias dev.wso2.com -file "C:\dummypath\resources\security\devwso2.pem" -keystore "C:\dummypath\resources\security\client-truststore.jks"
Justin
-1

I recommend you use a free GUI program: https://keystore-explorer.org/index.html

Shakirov Ramil