java:keytool:list-certificates-from-jks
Create keystore jks file
The keystore must contain both the certificate chain and the private key.
keytool cannot import a private key directly.
A PKCS12 file has to be created first and then imported into the keystore.
Create PKCS12 file
Concatenate (manually) all intermediary CA certificates into a single file: all_cert.crt. Then run the command below. snt.key is the private key of the certificate (the last one in the chain). Enter a password for the p12 file when prompted.
openssl pkcs12 -export -in snt_full.crt -inkey snt.key -name snt -out snt.p12
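Import the p12 file into a jks file. Replace password123 with the private key password that was supplied when it was created. If -deststorepass is omitted, keytool prompts for the password instead, which keeps it out of the shell history and the process list.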
keytool -importkeystore -deststorepass password123 -destkeystore keystore_custom.jks -srckeystore snt.p12 -srcstoretype PKCS12
Output:
Importing keystore snt.p12 to keystore_custom.jks...
Enter source keystore password:
Entry for alias sentinel successfully imported.
Import command completed: 1 entries successfully imported, 0 entries failed or cancelled

Warning:
The JKS keystore uses a proprietary format. It is recommended to migrate to PKCS12 which is an industry standard format using "keytool -importkeystore -srckeystore keystore_custom.jks -destkeystore keystore_custom.jks -deststoretype pkcs12".
List JKS entries (certificates)
keytool.exe -list -rfc -keystore keystore.jks | openssl x509 -text
Output:
Enter keystore password: test*
Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 20 (0x14)
        Signature Algorithm: sha256WithRSAEncryption
        Issuer: C = FR, O = Test, CN = Test CA
        Validity
            Not Before: Oct 22 14:36:00 2017 GMT
            Not After : Aug 9 13:17:00 2019 GMT
        Subject: C = FR, O = Test, CN = Test
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b6:18:c9:2a:f8:01:a3:86:e6:32:63
...............
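openssl x509 decodes only the first certificate it reads, so the pipe above shows a single certificate even when the keystore holds a full chain or several entries. The script below is an added example, not part of the original page: it splits the -rfc output into one PEM file per certificate and prints subject, issuer and expiry for each. The function names, the rootca alias and the sample data are assumptions made for illustration.

```shell
# split_rfc OUTDIR: read `keytool -list -rfc` output on stdin, write each
# certificate to OUTDIR/cert-N.pem, print "N<TAB>alias<TAB>file" per certificate.
split_rfc() {
    mkdir -p "$1" || return 1
    awk -v dir="$1" '
        { sub(/\r$/, "") }                  # strip CR from Windows line endings
        /^Alias name: /  { alias = substr($0, 13) }
        /^-----BEGIN CERTIFICATE-----$/ { n++; file = dir "/cert-" n ".pem"; inpem = 1 }
        inpem { print > file }
        /^-----END CERTIFICATE-----$/ && inpem {
            close(file); inpem = 0
            printf "%d\t%s\t%s\n", n, alias, file
        }'
}

# show_all KEYSTORE: decode every certificate, including the rest of each chain.
show_all() {
    tmp=$(mktemp -d) || return 1
    keytool -list -rfc -keystore "$1" | split_rfc "$tmp" |
    while IFS="$(printf '\t')" read -r n alias file; do
        echo "== certificate $n (alias: $alias)"
        openssl x509 -in "$file" -noout -subject -issuer -enddate
    done
    rm -rf "$tmp"
}

# Constructed sample of -rfc output; PEM bodies are placeholders, not real certificates.
sample_rfc() {
    cat <<'EOF'
Alias name: snt
Entry type: PrivateKeyEntry
Certificate chain length: 2
Certificate[1]:
-----BEGIN CERTIFICATE-----
Q09OU1RSVUNURUQx
-----END CERTIFICATE-----
Certificate[2]:
-----BEGIN CERTIFICATE-----
Q09OU1RSVUNURUQy
-----END CERTIFICATE-----

Alias name: rootca
Entry type: trustedCertEntry

-----BEGIN CERTIFICATE-----
Q09OU1RSVUNURUQz
-----END CERTIFICATE-----
EOF
}
```

Run show_all keystore.jks against a real keystore; sample_rfc only exercises the splitting step, because its placeholder bodies cannot be decoded by openssl.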
java/keytool/list-certificates-from-jks.1596905629.txt.gz · Last modified: 2023/07/04 19:36 (external edit)