0

I got a Keystore and trust store with the extensions .com_keystore and .com_truststore. And I need to change it to .PEM files. I have done this before, but it was the .JKS file or I already had the .PEM files.

The folder has three files: Foo.com_truststore, Foo.com_keystore, password.

mike_thecode
newbie

1 Answer

3

This is not a programming question or issue, which is now the consensus topic of SO, although years ago (before other Stacks existed) topicality was broader. It is also a dupe of "Converting a Java Keystore into PEM Format" (already auto-suggested) and "Keytool command line for server crt and private key" (mine) and cross https://serverfault.com/questions/715827/how-to-generate-key-and-crt-file-from-jks-file-for-httpd-apache-server (a more suitable location).

'keystore' or 'truststore' describes the contents and purpose of a file, not its format aka type. Assuming these are or were for Java, which you tagged but didn't actually say, there are about half a dozen possible formats, and some answers differ by type. If you are on Unix (or on Windows with a Unixy subsystem like WSL on Windows 10, Cygwin, or a virtual machine) the file command should tell you which you have. Otherwise if you have Java 9 up, keytool -list will probably show the correct type. (j8 often won't, due to some compatibility hacks introduced to ease transitioning the default to PKCS12 in j9 up.)

  1. For PKCS12, you can use openssl pkcs12 to read it and output its contents in PEM. You can include only keys or only certs or both, and certs that do or don't match keys (in the keystore); for details see why "openssl pkcs12 -in keystore.p12 -out client-certificate.pem -clcerts -nokeys" need -nokeys.

    For any other Java-supported format you can use keytool -importkeystore to convert it to PKCS12, as described in the Q linked above, and then apply the first part of this approach.

  2. For any Java-supported format you can obtain a certificate, or all certificates, in PEM format using keytool { -exportcert -alias $name | -list } -rfc [-file $outfile | >$outfile ]. This works for a truststore, but does not include the privatekey(s) from a keystore.

  3. For any Java-supported format you can download and use KeystoreExplorer. I believe portcle also, but I don't use that myself.

Note that PEM files are not a single thing but a category -- while these processes all produce PEM files they may or may not be the droids ^W PEM files you want. If so you need to be more specific.

dave_thompson_085
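The type check and conversion routes from the answer above, as an added shell example that is not part of the original answer. The function names are hypothetical, and it assumes that the file named password holds the store password on its first line and that a file starting with an ASN.1 SEQUENCE byte is PKCS12.

```shell
#!/bin/sh
# Added example, not from the answer. Usage (file names taken from the question):
#   keystore_to_pem Foo.com_keystore password key_and_certs.pem
#   truststore_to_pem Foo.com_truststore password trusted_certs.pem

# Print JKS, JCEKS, DER, PEM or unknown from the first four bytes of file $1.
keystore_type() {
    magic=$(od -An -tx1 -N4 "$1" | tr -d ' \n')
    case "$magic" in
        feedfeed) echo JKS ;;     # JKS magic number 0xFEEDFEED
        cececece) echo JCEKS ;;   # JCEKS magic number 0xCECECECE
        30*)      echo DER ;;     # ASN.1 SEQUENCE; assumed here to be PKCS12
        2d2d2d2d) echo PEM ;;     # "----", the start of "-----BEGIN ..."
        *)        echo unknown ;;
    esac
}

# Keystore (private key + certs) to PEM. $1=store $2=password file $3=output
keystore_to_pem() {
    kind=$(keystore_type "$1")
    p12=$1
    case "$kind" in
        JKS|JCEKS)
            p12="$3.p12"          # intermediate PKCS12 file, name chosen here
            keytool -importkeystore \
                -srckeystore "$1" -srcstoretype "$kind" -srcstorepass:file "$2" \
                -destkeystore "$p12" -deststoretype PKCS12 \
                -deststorepass:file "$2" || return 1 ;;
        DER) ;;                   # already PKCS12 (assumption), read directly
        *) echo "unsupported or already-PEM file: $1" >&2; return 2 ;;
    esac
    # The output holds the private key: restrict its mode and keep the key
    # encrypted under the same password (-passout) rather than writing it bare.
    ( umask 077
      openssl pkcs12 -in "$p12" -passin "file:$2" -passout "file:$2" -out "$3" )
}

# Truststore (certificates only) to PEM, using keytool's -rfc output.
truststore_to_pem() {
    keytool -list -rfc -keystore "$1" -storepass:file "$2" > "$3"
}
```

The intermediate .p12 file also contains the private key, so delete it or protect it like the original keystore once the PEM output has been checked.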