Ssl – Export specific certificate from JKS using keytool

apache-2.2httpdsslssl-certificate

We're trying to configure Apache HTTPd to use an SSL cert from a JKS keystore file we have. Since we want only one of the certs out of the JKS (www.MySite.com) and not the others (such as test.MySite.com), how do we specify the correct certificate pair to export?

This is the command we're using.

keytool -importkeystore -srckeystore MyKeystore.jks -srcstoretype JKS
\ -destkeystore keystore.p12 -deststoretype PKCS12

This appears to pick one (at random?) from the JKS file to export. And not the one we want….

Forgive me if I have all this wrong, SSL is way out of my wheelhouse. Thanks for any help.

Best Answer

List the certificates inside a keystore to get the alias

keytool -list -v -keystore KEYSTORE.jks

Convert a JKS file to PKCS12 format (Java 1.6.x and above)

keytool -importkeystore -srckeystore KEYSTORE.jks -destkeystore KEYSTORE.p12 \
-srcstoretype JKS -deststoretype PKCS12 -srcstorepass mysecret  \
-srcalias myalias -destalias myalias

Related Solutions

Tomcat – Exporting Private Key

Believe it or not, this functionality is not supported in keytool. The best solution I have found so far is the software and instructions available for download on this Web site.

I usually generate the key using openssl and then use this method to import the key, as that is not supported by keytool either.

To generate a 2048 bit key:

openssl genrsa -out host.domain.com.key 2048

To create a keystore from this key:

KEY=host.domain.com
openssl pkcs8 -topk8 -nocrypt -in $KEY.key -inform PEM -out key.der -outform DER
openssl x509 -in $KEY.crt -inform PEM -out cert.der -outform DER
wget http://www.agentbob.info/agentbob/81/version/default/part/AttachmentData/data/ImportKey.class
java ImportKey key.der cert.der

Ssl – Export SSL Cert from IIS and import into GlassFish keystore

did you export the certificate from your servers certificate store? only there is the private key to the certificate issued by the ca. you need to start an mmc add the certificate snap-in for the computeraccount. go to "personal" certificate and export it there. For windows 2003 i found an article at ms http://technet.microsoft.com/en-us/library/cc737187%28WS.10%29.aspx

Best Answer

Related Solutions

Tomcat – Exporting Private Key

Ssl – Export SSL Cert from IIS and import into GlassFish keystore

Related Topic