-1

I was using the KeyStore Explorer tool to create a server crt and a private key file from my PKCS12 keystore file. The tool is great.

Is there any corresponding keytool commandline equivalent?

Nimantha
RamPrakash

1 Answer

1

NO. keytool has no operations either to write out a privatekey alone from a keystore or read in a privatekey alone to a keystore. This is why we get hundreds of questions about the latter, mostly on other Stacks where they are on-topic. For the most recent one I answered, see How to resolve : jno_key_entry

For a PKCS12 keystore, openssl pkcs12 -in file -nocerts will extract the privatekey, or privatekeys, in PEM format. By default it/they is/are encrypted and you must give a (new) password, but you can use -nodes to get it/them unencrypted. If there is more than one privatekey in the keystore, you may need to edit the output to select the desired one (or ones).

For other types of keystore, use keytool -importkeystore to convert to PKCS12, then continue as above. If a keystore (of any type) has multiple entries, you can use keytool -importkeystore with -alias to select only the desired entry, and thus not need the editing step above.

Nimantha
dave_thompson_085
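The two steps from the answer above as shell functions, added here as an example and not part of the original answer. File names, the alias argument and the `SRC_PASS`/`P12_PASS` environment variables are assumptions; passwords are read from the environment so they stay off the command line, the unencrypted key is written owner-only, and a final check confirms the extracted key belongs to the extracted certificate.

```shell
#!/bin/sh
# Added example: the variable names SRC_PASS and P12_PASS are assumptions.
# Both must be exported so keytool/openssl can read them from the environment.

# Step 1 (only for non-PKCS12 keystores): copy one entry into a new PKCS12
# file. -srcalias selects the single entry to copy.
to_pkcs12() {  # usage: to_pkcs12 SRC_KEYSTORE ALIAS DEST_P12
    keytool -importkeystore \
        -srckeystore "$1" -srcalias "$2" -srcstorepass:env SRC_PASS \
        -destkeystore "$3" -deststoretype PKCS12 -deststorepass:env P12_PASS
}

# Step 2: write the private key and the leaf certificate as PEM files.
# -nodes leaves the key unencrypted, so restrict the file to its owner.
extract_pem() {  # usage: extract_pem P12_FILE KEY_OUT CERT_OUT
    (
        umask 077
        openssl pkcs12 -in "$1" -nocerts -nodes \
            -passin env:P12_PASS -out "$2"
    ) || return 1
    # -nokeys -clcerts: certificate only, without the CA chain.
    openssl pkcs12 -in "$1" -nokeys -clcerts \
        -passin env:P12_PASS -out "$3"
}

# Sanity check: the public key derived from the private key must equal the
# public key embedded in the certificate.
key_matches_cert() {  # usage: key_matches_cert KEY_PEM CERT_PEM
    k=$(openssl pkey -in "$1" -pubout 2>/dev/null) || return 1
    c=$(openssl x509 -in "$2" -pubkey -noout 2>/dev/null) || return 1
    [ -n "$k" ] && [ "$k" = "$c" ]
}
```

If the keystore holds several key entries, run `to_pkcs12` with the wanted alias first so that `extract_pem` writes exactly one key.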