How to convert a certificate-private key pair in a keystore to PEM format

Fecha de publicación: Mar 2, 2024

Tarea

GOAL

Sometime you need to use an existing certificate and private key pair, stored in a Java keystore file, for a use that requires a PEM formated certificate. For example PEM certificates are needed to create a Dedicated Load Balancer.

Pasos

First you'll need to export the pair to a PKCS12 file. You can do that with the keytool utility provided by the JDK:

$ keytool -importkeystore -srckeystore keystore.jks -destkeystore exported.p12 -deststoretype PKCS12

Then we can use OpenSSL to extract the public certificate and the private key to individual files, in PEM format. If OpenSSL is not installed, you'll need to use an appropriate method to install it in your system.

$ openssl pkcs12 -nokeys -in exported.p12 -out publicCert.pem
$ openssl pkcs12 -nocerts -nodes -in exported.p12 -out secret.key

If you want to use the certificate and key to create a Dedicated Load Balancer you'll need to remove the extra lines above the '-----BEGIN CERTIFICATE-----' line in both files. After that you use the files with the Anypoint CLI tool:

$ anypoint-cli cloudhub load-balancer create myVPC myLB publicCert.pem secret.key

Número del artículo de conocimiento

001114824

¿Resolvió este artículo su problema?

¡Háganos saber cómo podemos mejorar!

How to convert a certificate-private key pair in a keystore to PEM format

GOAL

General Information

Required Cookies

Functional Cookies

Advertising Cookies

General Information

Required Cookies

Functional Cookies

Advertising Cookies

Cookie List