How to export public key from .jks file using Keytool?

Question

Right now I'm just trying to change my hostname in WSO2 by following this guide: https://docs.wso2.com/display/IS550/Changing+the+hostname

I've come to Step 4 after generating a .jks file called newkeystore.jks and in this step it should export the public key when I run this in command line:

keytool -export -alias certalias -keystore newkeystore.jks -file <public key name>.pem

I've tried this and I receive the error "The system cannot find the specified file."

My system environment variables are set so I can use keytool properly. I can see that the .jks file is generated and it is not empty. I'm not sure what the problem here is.

score 18 · Accepted Answer · edited Apr 18 '23 at 14:22

18

To me-in-the-past,

Don't waste your time following that guide. I find WSO2 documentation quite unhelpful, and I prefer to learn about WSO2 from outside sources than WSO2 itself. So what you need to do here is, while following the guide, for your command line:

keytool -export -alias newcert -keystore newkeystore.jks -file [insert any name here for your public key].pem

This should work!

edited Apr 18 '23 at 14:22

blackgreen

34,072
23
111
129

answered Jul 27 '18 at 14:15

SaltySea

700
1
7
21

10

I am trying to export the public key. I am getting a binary file instead of a plaintext key. – Souradeep Nanda Oct 09 '19 at 09:07
1

more than likely you are getting a der encoded certificate. you should read this:https://support.ssl.com/Knowledgebase/Article/View/19/0/der-vs-crt-vs-cer-vs-pem-certificates-and-how-to-convert-them – mohsen Dec 16 '19 at 02:31
2

aren't you getting the whole certificate with this command instead of 'just' the public key? – Gerardo Cauich Feb 10 '20 at 13:08
4

To export the certificate in PEM format instead of DER add the -rfc option. Ref: http://www.herongyang.com/Cryptography/Certificate-Format-keytool-Export-in-DER-and-PEM.html – asokan Jun 21 '20 at 20:57
1

Thank you for identifying this bug in the documentation and for providing your feedback. I am sorry to hear that you have had a bad experience using WSO2 docs. We are constantly working towards improving the documentation. This particular documentation has been fixed now [1] with the correct commands. [1] https://docs.wso2.com/display/IS550/Changing+the+hostname – Sher_x Nov 19 '18 at 05:09

score 2 · Answer 2 · answered May 11 '22 at 11:53

2

Look here: https://www.directutor.com/content/extracting-public-and-private-keys-java-key-store

Step 3: Extract the “public key” from the “public-private”

keytool -export -alias client -keystore keystore.jks -rfc -file public.cert

answered May 11 '22 at 11:53

NickUnuchek

11,794
12
98
138

score -2 · Answer 3 · edited Apr 18 '23 at 14:25

-2

 $keytool -list -rfc -keystore ${store} -storepass ${password}

edited Apr 18 '23 at 14:25

blackgreen

34,072
23
111
129

answered Aug 19 '21 at 12:01

Rafael marín

1

6

Please add some descriptions of how this command solves the problem. – 4b0 Aug 19 '21 at 12:03

How to export public key from .jks file using Keytool?

3 Answers3