java:keytool:list-certificates-from-jks
This is an old revision of the document!
Table of Contents
Create keystore jks file
In keystore we want to import:
- the certificate chain
- the private key
We can't do this directly in keytool.
A PKCS12 file should be created which then will be imported in keystore.
Create PKCS12 file
Concatenate (manually) all intermediary CA certificates into a single file: all_cert.crt. Then run the above command. The snt.key is the private key of the certificate (the last one in the chain). Enter a password for the p12 file.
openssl pkcs12 -export -in snt_full.crt -inkey snt.key -name snt -out snt.p12
Import the p12 file into a jks file
Replace the password123 with the private key password supplied when it was created.
keytool -importkeystore -deststorepass password123 -destkeystore keystore_custom.jks -srckeystore snt.p12 -srcstoretype PKCS12
Output:
Importing keystore snt.p12 to keystore_custom.jks... Enter source keystore password: Entry for alias sentinel successfully imported. Import command completed: 1 entries successfully imported, 0 entries failed or cancelled Warning: The JKS keystore uses a proprietary format. It is recommended to migrate to PKCS12 which is an industry standard format using "keytool -importkeystore -srckeystore keystore_custom.jks -destkeystore keystore_custom.jks -deststoretype pkcs12".
List JKS entries (certificates)
keytool.exe -list -rfc -keystore keystore.jks | openssl x509 -text
Output:
Enter keystore password: test* Certificate: Data: Version: 3 (0x2) Serial Number: 20 (0x14) Signature Algorithm: sha256WithRSAEncryption Issuer: C = FR, O = Test, CN = Test CA Validity Not Before: Oct 22 14:36:00 2017 GMT Not After : Aug 9 13:17:00 2019 GMT Subject: C = FR, O = Test, CN = Test Subject Public Key Info: Public Key Algorithm: rsaEncryption RSA Public-Key: (2048 bit) Modulus: 00:b6:18:c9:2a:f8:01:a3:86:e6:32:63 ...............
java/keytool/list-certificates-from-jks.1596905928.txt.gz · Last modified: 2023/07/04 19:36 (external edit)