How to generate .key and .crt file from JKS file for httpd apache server

Solution 1:

.jks is a keystore, which is a Java thing

use keytool binary from Java.

export the .crt:

keytool -export -alias mydomain -file mydomain.der -keystore mycert.jks

convert the cert to PEM:

openssl x509 -inform der -in mydomain.der -out certificate.pem

export the key:

keytool -importkeystore -srckeystore mycert.jks -destkeystore keystore.p12 -deststoretype PKCS12

convert PKCS12 key to unencrypted PEM:

openssl pkcs12 -in keystore.p12  -nodes -nocerts -out mydomain.key

credits:

  • https://security.stackexchange.com/questions/3779/how-can-i-export-my-private-key-from-a-java-keytool-keystore
  • https://stackoverflow.com/questions/2640691/how-to-export-private-key-from-a-keystore-of-self-signed-certificate
  • https://www.sslshopper.com/article-most-common-java-keytool-keystore-commands.html

Solution 2:

Here is what I do,

First export the key :

keytool -importkeystore -srckeystore mycert.jks -destkeystore keystore.p12 -deststoretype PKCS12

For apache ssl certificate file you need certificate only:

openssl pkcs12 -in keystore.p12 -nokeys -out my_key_store.crt

For ssl key file you need only keys:

openssl pkcs12 -in keystore.p12 -nocerts -nodes -out my_store.key