Java keystore
To list all keys and certificates
keytool -keystore xxx.jks -list
Tomcat's keystore has a default password of "changeit"
Extracting private key
There is no way to do that with keytool. Use the following Java program:
import java.io.FileInputStream;
import java.security.Key;
import java.security.KeyStore;

public class DumpPrivateKey
{
    // Writes the raw encoded private key (binary, not PEM) to standard output.
    static public void main(String[] args) {
        try (FileInputStream in = new FileInputStream(args[0])) {
            KeyStore ks = KeyStore.getInstance("jks");
            ks.load(in, args[2].toCharArray());
            Key key = ks.getKey(args[1], args[2].toCharArray());
            System.out.write(key.getEncoded());
            System.out.flush();
        } catch (Exception e) {
            e.printStackTrace();
            // Usage goes to stderr so it never ends up in the piped key data.
            System.err.println("Usage: java DumpPrivateKey file alias password");
        }
    }
}
Then use it in combination with openssl:
echo "-----BEGIN PRIVATE KEY-----" > tomcat.key
java DumpPrivateKey tomcat.keystore tomcat changeit | openssl enc -a >> tomcat.key
echo "-----END PRIVATE KEY-----" >> tomcat.key
There you go, you just exported the jks private key to a PEM file.