Converting a Java Keystore into PEM Format

Posted 2024-07-15 02:45:29 · 342 words · 8 views · 0 comments

I am trying to convert from a Java keystore file into a PEM file using keytool and openssl applications. However, I could not find an ideal way to do the conversion. Any thoughts?

Instead of converting the keystore directly into PEM, I tried to create a PKCS12 file first and then convert it into a relevant PEM file and Keystore. However, I could not establish a connection using them.

(Note that I need a PEM file and a Keystore file to implement a secured connection. There is no restriction like "Start from a java keystore file". So starting from other formats is acceptable in my case)

But a direct conversion method from jks to pem is preferable.

Comments (16)

你另情深 2024-07-22 02:45:29

It's pretty straightforward, using jdk6 at least...

bash$ keytool -keystore foo.jks -genkeypair -alias foo \
        -dname 'CN=foo.example.com,L=Melbourne,ST=Victoria,C=AU'
Enter keystore password:  
Re-enter new password: 
Enter key password for 
        (RETURN if same as keystore password):  
bash$ keytool -keystore foo.jks -exportcert -alias foo | \
       openssl x509 -inform der -text
Enter keystore password:  asdasd
Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 1237334757 (0x49c03ae5)
        Signature Algorithm: dsaWithSHA1
        Issuer: C=AU, ST=Victoria, L=Melbourne, CN=foo.example.com
        Validity
            Not Before: Mar 18 00:05:57 2009 GMT
            Not After : Jun 16 00:05:57 2009 GMT
        Subject: C=AU, ST=Victoria, L=Melbourne, CN=foo.example.com
        Subject Public Key Info:
            Public Key Algorithm: dsaEncryption
            DSA Public Key:
                pub: 
                    00:e2:66:5c:e0:2e:da:e0:6b:a6:aa:97:64:59:14:
                    7e:a6:2e:5a:45:f9:2f:b5:2d:f4:34:27:e6:53:c7:
 

bash$ keytool -importkeystore -srckeystore foo.jks \
       -destkeystore foo.p12 \
       -srcstoretype jks \
       -deststoretype pkcs12
Enter destination keystore password:  
Re-enter new password: 
Enter source keystore password:  
Entry for alias foo successfully imported.
Import command completed:  1 entries successfully imported, 0 entries failed or cancelled

bash$ openssl pkcs12 -in foo.p12 -out foo.pem
Enter Import Password:
MAC verified OK
Enter PEM pass phrase:
Verifying - Enter PEM pass phrase:

bash$ openssl x509 -text -in foo.pem
Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 1237334757 (0x49c03ae5)
        Signature Algorithm: dsaWithSHA1
        Issuer: C=AU, ST=Victoria, L=Melbourne, CN=foo.example.com
        Validity
            Not Before: Mar 18 00:05:57 2009 GMT
            Not After : Jun 16 00:05:57 2009 GMT
        Subject: C=AU, ST=Victoria, L=Melbourne, CN=foo.example.com
        Subject Public Key Info:
            Public Key Algorithm: dsaEncryption
            DSA Public Key:
                pub: 
                    00:e2:66:5c:e0:2e:da:e0:6b:a6:aa:97:64:59:14:
                    7e:a6:2e:5a:45:f9:2f:b5:2d:f4:34:27:e6:53:c7:
 

bash$ openssl dsa -text -in foo.pem
read DSA key
Enter PEM pass phrase:
Private-Key: (1024 bit)
priv:
    00:8f:b1:af:55:63:92:7c:d2:0f:e6:f3:a2:f5:ff:
    1a:7a:fe:8c:39:dd
pub: 
    00:e2:66:5c:e0:2e:da:e0:6b:a6:aa:97:64:59:14:
    7e:a6:2e:5a:45:f9:2f:b5:2d:f4:34:27:e6:53:c7:



You end up with:

  • foo.jks - keystore in java format.
  • foo.p12 - keystore in PKCS#12 format.
  • foo.pem - all keys and certs from keystore, in PEM format.

(This last file can be split up into keys and certificates if you like.)


Command summary - to create JKS keystore:

keytool -keystore foo.jks -genkeypair -alias foo \
    -dname 'CN=foo.example.com,L=Melbourne,ST=Victoria,C=AU'

Command summary - to convert JKS keystore into PKCS#12 keystore, then into PEM file:

keytool -importkeystore -srckeystore foo.jks \
   -destkeystore foo.p12 \
   -srcstoretype jks \
   -deststoretype pkcs12

openssl pkcs12 -in foo.p12 -out foo.pem

If you have more than one certificate in your JKS keystore, and you want to only export the certificate and key associated with one of the aliases, you can use the following variation:

keytool -importkeystore -srckeystore foo.jks \
   -destkeystore foo.p12 \
   -srcalias foo \
   -srcstoretype jks \
   -deststoretype pkcs12

openssl pkcs12 -in foo.p12 -out foo.pem

Command summary - to compare JKS keystore to PEM file:

keytool -keystore foo.jks -exportcert -alias foo | \
   openssl x509 -inform der -text

openssl x509 -text -in foo.pem

openssl dsa -text -in foo.pem

泼猴你往哪里跑 2024-07-22 02:45:29

I kept getting errors from openssl when using StoBor's command:

MAC verified OK
Error outputting keys and certificates
139940235364168:error:06065064:digital envelope routines:EVP_DecryptFinal_ex:bad decrypt:evp_enc.c:535:
139940235364168:error:23077074:PKCS12 routines:PKCS12_pbe_crypt:pkcs12 cipherfinal error:p12_decr.c:97:
139940235364168:error:2306A075:PKCS12 routines:PKCS12_item_decrypt_d2i:pkcs12 pbe crypt error:p12_decr.c:123:

For some reason, only this style of command would work for my JKS file

keytool -importkeystore -srckeystore foo.jks \
   -destkeystore foo.p12 \
   -srcstoretype jks \
   -srcalias mykey \
   -deststoretype pkcs12 \
   -destkeypass DUMMY123

The key was setting destkeypass, the value of the argument did not matter.

埋葬我深情 2024-07-22 02:45:29

Direct conversion from jks to pem file using the keytool

keytool -exportcert -alias selfsigned -keypass password -keystore test-user.jks -rfc -file test-user.pem

眼泪都笑了 2024-07-22 02:45:29

The keytool command will not allow you to export the private key from a key store. You have to write some Java code to do this. Open the key store, get the key you need, and save it to a file in PKCS #8 format. Save the associated certificate too.

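import java.io.FileInputStream;
import java.io.FileOutputStream;
import java.security.Key;
import java.security.KeyStore;
import java.security.cert.Certificate;

public class ExportKey {
    /* Usage: java ExportKey <keystore.jks>  (run from an interactive console) */
    public static void main(String[] args) throws Exception {
        /* Prompt without echo; the same password is assumed for the store and the key. */
        char[] password = System.console().readPassword("Keystore password: ");
        KeyStore ks = KeyStore.getInstance("jks");
        /* Load the key store. */
        try (FileInputStream in = new FileInputStream(args[0])) {
            ks.load(in, password);
        }
        /* Save the private key (unencrypted PKCS #8 DER: protect or delete this file). */
        Key pvt = ks.getKey("your_alias", password);
        try (FileOutputStream kos = new FileOutputStream("tmpkey.der")) {
            kos.write(pvt.getEncoded());
        }
        /* Save the certificate. */
        Certificate pub = ks.getCertificate("your_alias");
        try (FileOutputStream cos = new FileOutputStream("tmpcert.der")) {
            cos.write(pub.getEncoded());
        }
    }
}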

Use OpenSSL utilities to convert these files (which are in binary format) to PEM format.

openssl pkcs8 -inform der -nocrypt < tmpkey.der > tmpkey.pem
openssl x509 -inform der < tmpcert.der > tmpcert.pem

晨曦÷微暖 2024-07-22 02:45:29

Simplified instructions to convert a JKS file to PEM and KEY format (.crt & .key):

keytool -importkeystore -srckeystore <Source-Java-Key-Store-File> -destkeystore <Destination-Pkcs12-File> -srcstoretype jks -deststoretype pkcs12 -destkeypass <Destination-Key-Password>

openssl pkcs12 -in <Destination-Pkcs12-File> -out <Destination-Pem-File>

openssl x509 -outform der -in <Destination-Pem-File> -out <Destination-Crt-File>

openssl rsa -in <Destination-Pem-File> -out <Destination-Key-File>

滥情空心 2024-07-22 02:45:29

Converting a JKS KeyStore to a single PEM file can easily be accomplished using the following command:

keytool -list -rfc -keystore "myKeystore.jks" | sed -e "/-*BEGIN [A-Z]*-*/,/-*END [A-Z]-*/!d" >> "myKeystore.pem"

Explanation:

  1. keytool -list -rfc -keystore "myKeystore.jks" lists everything in the 'myKeyStore.jks' KeyStore in PEM format. However, it also prints extra information.
  2. | sed -e "/-*BEGIN [A-Z]*-*/,/-*END [A-Z]-*/!d" filters out everything we don't need. We are left with only the PEMs of everything in the KeyStore.
  3. >> "myKeystore.pem" writes the PEMs to the file 'myKeyStore.pem'.

赠佳期 2024-07-22 02:45:29

First dump the keystore from JKS to PKCS12

  1. keytool -importkeystore -srckeystore ~/.android/debug.keystore -destkeystore intermediate.p12 -srcstoretype JKS -deststoretype PKCS12

Dump the new pkcs12 file into pem

  2. openssl pkcs12 -in intermediate.p12 -nodes -out intermediate.rsa.pem

You should have both the cert and private key in pem format. Split them up.
Put the part between “BEGIN CERTIFICATE” and “END CERTIFICATE” into cert.x509.pem
Put the part between “BEGIN RSA PRIVATE KEY” and “END RSA PRIVATE KEY” into private.rsa.pem
Convert the private key into pk8 format as expected by signapk

  3. openssl pkcs8 -topk8 -outform DER -in private.rsa.pem -inform PEM -out private.pk8 -nocrypt
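
The manual split described above, as an added example that is not part of the original answer: a POSIX shell function that separates a bundle such as `openssl pkcs12 -nodes` writes into a certificate file and an owner-only key file, and reports how many of each it found. The names `split_pem` and `write_sample_bundle`, the output file names and the sample bundle are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original answers).

# write_sample_bundle FILE: constructed stand-in for `openssl pkcs12 -nodes`
# output; the base64 bodies are placeholders, not real key material.
write_sample_bundle() {
    cat > "$1" <<'EOF'
Bag Attributes
    friendlyName: foo
Key Attributes: <No Attributes>
-----BEGIN PRIVATE KEY-----
Q09OU1RSVUNURUQ=
-----END PRIVATE KEY-----
Bag Attributes
    friendlyName: foo
subject=CN = foo.example.com
issuer=CN = foo.example.com
-----BEGIN CERTIFICATE-----
Q09OU1RSVUNURUQ=
-----END CERTIFICATE-----
EOF
}

# split_pem BUNDLE CERT_OUT KEY_OUT: prints "certs=N keys=M".
# Matches PRIVATE KEY, RSA/DSA/EC PRIVATE KEY and ENCRYPTED PRIVATE KEY blocks.
split_pem() {
    bundle=$1; cert_out=$2; key_out=$3
    # Create the key file owner-only before any key bytes are written to it.
    ( umask 077; : > "$key_out" ) || return 1
    chmod 600 "$key_out" || return 1
    : > "$cert_out" || return 1
    # Lines outside BEGIN/END blocks (Bag Attributes, subject=...) are dropped.
    awk -v cert="$cert_out" -v key="$key_out" '
        /^-----BEGIN CERTIFICATE-----/           { out = cert; ncert++ }
        /^-----BEGIN ([A-Z]+ )*PRIVATE KEY-----/ { out = key;  nkey++ }
        out != ""                                 { print > out }
        /^-----END /                              { out = "" }
        END { printf "certs=%d keys=%d\n", ncert, nkey }
    ' "$bundle"
}

# Demo run on the constructed bundle.
demo_dir=$(mktemp -d)
write_sample_bundle "$demo_dir/foo.pem"
split_pem "$demo_dir/foo.pem" "$demo_dir/cert.x509.pem" "$demo_dir/private.pem"
rm -rf "$demo_dir"
```

A result of `keys=0`, which is what the output of `keytool -exportcert -rfc` gives, means the file carries only the certificate and no private key.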

巾帼英雄 2024-07-22 02:45:29

In case you don't have openssl installed and you are looking for a quick solution, there is software called portcle which is very useful and small to download.

The disadvantage is that there is no command line as far as I know.
But from the GUI, it is pretty straightforward to export a PEM private key:

  1. Open your JKS key store
  2. Right click over your private key entry and select export
  3. Select Private Key and certificates and PEM format

    Export PEM private key from JKS with Portcle

染墨丶若流云 2024-07-22 02:45:29

Suppose your keystore file is abcd.jks and it's present at C:\Data,

try this in cmd window, at the location where the file is present:

keytool -export -rfc -keystore C:\Data\abcd.jks -alias abcd -file C:\Data\abcd.pem

Give the password next, when prompted, and you will get the converted format at the location specified.

她比我温柔 2024-07-22 02:45:29

Open your terminal, go to the jks file location
and write this:
keytool -export -rfc -alias key0 -file android_certificate.pem -keystore androidkey.jks

隐诗 2024-07-22 02:45:29

Well, OpenSSL should do it handily from a #12 file:

openssl pkcs12 -in pkcs-12-certificate-file -out pem-certificate-file
openssl pkcs12 -in pkcs-12-certificate-and-key-file -out pem-certificate-and-key-file

Maybe more details on what the error/failure is?

老娘不死你永远是小三 2024-07-22 02:45:29

Try Keystore Explorer http://keystore-explorer.org/

KeyStore Explorer is an open source GUI replacement for the Java command-line utilities keytool and jarsigner. It does openssl/pkcs12 as well.

拧巴小姐 2024-07-22 02:45:29

First create the keystore file as

C:\Program Files\Android\Android Studio\jre\bin>keytool -keystore androidkey.jks -genkeypair -alias androidkey

Enter keystore password:
Re-enter new password:
What is your first and last name?
Unknown: FirstName LastName
What is the name of your organizational unit?
Unknown: Mobile Development
What is the name of your organization?
Unknown: your company name
What is the name of your City or Locality?
What is the name of your State or Province?

What is the two-letter country code for this unit?
Unknown: IN //press enter

Now it will ask to confirm

Is CN=FirstName LastName, OU=Mobile Development, O=your company name, L=CityName, ST=StateName, C=IN correct?
[no]: yes

Enter key password for
(RETURN if same as keystore password): press enter if you want same password

The key has been generated; now you can simply get the pem file using the following command

C:\Program Files\Android\Android Studio\jre\bin>keytool -export -rfc -alias androidkey -file android_certificate.pem -keystore androidkey.jks
Enter keystore password:
Certificate stored in file

夏了南城 2024-07-22 02:45:29

I'll just leave the following two commands here that do the job

# openssl pkcs12 -info -nodes -in /srv/apache-tomcat-8.5.72/conf/cert.jks -nokeys 2>&1| sed -ne '/-BEGIN CERTIFICATE-/,/-END CERTIFICATE-/p' > server.crt
Enter Import Password:
# openssl pkcs12 -info -nodes -in /srv/apache-tomcat-8.5.72/conf/cert.jks -nocerts 2>&1| sed -ne '/-BEGIN PRIVATE KEY-/,/-END PRIVATE KEY-/p' > server.key
Enter Import Password:

鹤舞 2024-07-22 02:45:29

keytool -exportcert -alias selfsigned -keypass password -keystore key-store.jks -rfc -file test-user.pem

The command will prompt to enter keyStore password - Enter the keystore password

password - The key password.
key-store - The keystore file (jks or keystore)

It will be easy when the key and keystore passwords are the same.

波浪屿的海角声 2024-07-22 02:45:29

Converting a Java Keystore into PEM Format

The most precise answer of all must be that this is NOT possible.

A Java keystore is merely a storage facility for cryptographic keys and certificates while PEM is a file format for X.509 certificates only.
