Export Private Key From a Java Keytool Keystore

Author | June 2, 2017 | How To | No Comments

Since Java verion 6, you can import/export private keys into PKCS#12 (.p12) files using keytool, using -importkeystore (not available in previous versions).

keytool -importkeystore -srckeystore existing-store.jks -destkeystore new-store.p12 -deststoretype PKCS12

1	keytool -importkeystore -srckeystore existing-store.jks -destkeystore new-store.p12 -deststoretype PKCS12

The PKCS12 keystore type is also supported as a standard keystore type in the default Oracle/Sun security provider.

Once you have the p12 file, you can export the keys using openssl.

Export certificate using openssl:

openssl pkcs12 -in keystore.p12 -nokeys -out cert.pem

1	openssl pkcs12 -in keystore.p12 -nokeys -out cert.pem

Export unencrypted private key:

openssl pkcs12 -in keystore.p12 -nodes -nocerts -out key.pem

1	openssl pkcs12 -in keystore.p12 -nodes -nocerts -out key.pem

Tags:keytool, openssl, pem, pkcs12

About The Author

Author

This site was created to host various server related settings and instructions that have been useful with some of my past projects. Maybe this stuff will be helpful to you too.

Related Posts

About The Author

Author