Extracting certificates from java keystore to use in apache.conf
So you have a javakeystore and want to extract the certificate….
heres what I did .. of course I had the passphrase
Downloaded ….
$ java-1.6.0-openjdk-1.6.0.0-0.25.b09.el5.x86_64.rpm
$ rpm -ivh java-1.6.0-openjdk-1.6.0.0-0.25.b09.el5.x86_64.rpm
$ cd /usr/lib/jvm/java-1.6.0-openjdk-1.6.0.0.x86_64/jre/bin/keytool
and
$ ./keytool -importkeystore -srckeystore /opt/certs/final/NetworthKeyStore -destkeystore /tmp/mystore.p12 -srcstoretype JKS -deststoretype PKCS12 -noprompt
Enter destination keystore password:
Re-enter new password:
Enter source keystore password:
Entry for alias networthpnbkey successfully imported.
Import command completed: 1 entries successfully imported, 0 entries failed or cancelled
where KeyStore is the java keystore name
So I got a /tmp/mystore.p12 with everything great
now for some ssl magic
$ openssl pkcs12 -info -in /tmp/mystore.p12
Enter Import Password:
MAC Iteration 1024
MAC verified OK
PKCS7 Data
Shrouded Keybag: pbeWithSHA1And3-KeyTripleDES-CBC, Iteration 1024
Bag Attributes
friendlyName: pubkey
localKeyID: 52 69 3D 69 50 41 22 69 33 34 36 36 32 34 34 36 30 35
Key Attributes:
Enter PEM pass phrase:
Verifying – Enter PEM pass phrase:
Copy the following from output…….
—–BEGIN RSA PRIVATE KEY—–
Proc-Type: 4,ENCRYPTED
DEK-Info: DES-EDE3-CBC,FE731BD9D499A31B
d12tLvqVX0a3FxOba+uwCiJIxEC8dESEI9GI5Doz1hieu8pZKoz3bwozDBLfLlFA
lvPj4Qi2FmazrZWRTNHQOUcv4aVQ1TmauRtw/LMoieR0b4+VkqTzk/eAe6d3pfr/
BoZxs40f0YaYsgMyYj0HWOIFXmCZnfEgzQBVZPIqcUzBxrV4g7xwjbLBXHJ+wAv+
p+3/ejYvxz/lfn+Nd00TlUZu770wPlRzQT4hwjWuNVfmadA+FpBMk4uW8dDSEMMc
KyW2Qg2nLfXlxMxLIb7DB86eJUS5W5bAHi1S5RNiSNRxXkFZP4xIKnoamsQqoGg7
o1zlVjRo3R/wh7idgLKDSUXX07qHhfOObEem3lbAbu6WuvpPW1Qy8Cr8N4aqHhBW
VvBzyvwajE0yBD9cQSPDZnLhWqu4z9MpQLexSHV398Yd/iOnnTmWnxVxhuINaJr0
40aZ9YsU7EpuCsaJ4Ifuu4Zu5LdC2G+KqRw/RvcLyPc5ie7AB2/mox1qH14W9d60
FZFCd8ZDpS7eNkUMx2qyWRKoaBdkPLp1baY8BWLZR2N7z59RkjGMfQsUpSCArgE/
63+BdMMSqFsRWKfWAWIqFshp/Q7AUdr0Dgftj9A3Ao6i6qA9HGB2MwomH/LXaoxl
759dFjWBMcJ3Fj1+eqoRZWw/+MdZhADhIyTEiksP8FJ8EXrEmalT+jIqVaxVPH51
WnQhGmTXvu3YU99NCpgyTjUo7z3OPyAT5z4QT6PdcPOXM5wR90ExR1YnxTnHLuwE
KhictV+isaH8xAPGB3okffvtYqS/xSubJ88MP5VPfEOvUkGAmqFj4A==
—–END RSA PRIVATE KEY—–
—–BEGIN CERTIFICATE—–
MIIB4DCCAUkCAQAwgZ8xCzAJBgNVBAYTAkdCMRYwFAYDVQQIEw1XZXN0IE1pZGxh
bmRzMREwDwYDVQQHEwhDb3ZlbnRyeTETMBEGAAUEChMKUGxhbmV0bGFyZzEUMBIG
HBiePsg26oDwlQ5XOvi+jslQN+u6CQo2rlzMn4OoKrBufp3g2IgRrrwRSxOLpJeX
A1UECxMLSURDIHN1cHBvcnQxFzAVBgNVBAMTDnd3dy5kb21haW4uY29tMSEwHwYJ
KoZIhvcNAQkBFhJpZGNAcGxhbmV0bGFyZy5uZXQwgZ8wDQYJKoZIhvcNAQEBBQAD
gY0AMIGJAoGBAMQt4q36X3KQ5795HeQSl5D57TAHOeRGw9kEb8WWjZCaCNCFeXU4
XB4ZleozGJVvlhcua1fSSWuEhZOWms5y628sMud5YuxG/rrXrDM4tkNHwsLob3yo
2+5fZyZvopWnWs9Z+Vz/GbOJJvtgkngnVm3rP3cbHEmaWXCzIVgUWPYJAgMBAAGg
ADANBgkqhkiG9w0BAQUFAAOBgQB2rRr2bc+3iQEGvc5zSr9/nw1YBCGJBfMThe+V
KoZIhvcNAQkBFhJpZGNAcGxhbmV0bGFyZy5uZXQwgZ8wDQYJKoZIhvcNAQEBBQAD
A1UECxMLSURDIHN1cHBvcnQxFzAVBgNVBAMTDnd3dy5kb21haW4uY29tMSEwHwYJ
ADANBgkqhkiG9w0BAQUFAAOBgQB2rRr2bc+3iQEGvc5zSr9/nw1YBCGJBfMThe+V
bmRzMREwDwYDVQQHEwhDb3ZlbnRyeTETMBEGAAUEChMKUGxhbmV0bGFyZzEUMBIG
WdIpJN6cONDEF8hXtEKbpSmeu7ioUsLWDiQJ/Vab/XR9Uz9gsjs7ztm6ZTFhlYUD
HBiePsg26oDwlQ5XOvi+jslQN+u6CQo2rlzMn4OoKrBufp3g2IgRrrwRSxOLpJeX
KaAO32si+7euiprm79a3CcRrWSjpfKX6FhkGIu9BbQ==
—–END CERTIFICATE—–
Go ahead and import in your apache config
No comments yet.
-
Recent
- Set Time Zone + Fedora 18
- Fedora 17 + Tata Photon (Huawei)
- Fedora 17: Install OpenSSH Server
- Change the default keyring password
- Error: Could not stat() command file ‘/usr/local/nagios/var/rw/nagios.cmd’!
- Gnone 3.X adding personal launcher
- Gnome 3.x Change Panel
- KDE remove autostart programs
- GPS on Linux
- Debian Squeeze change root password
- Download YouTube Videos on Linux
- Pidgin + The certificate for omega.contacts.msn.com could not be validated
-
Links
-
Archives
- April 2013 (1)
- September 2012 (2)
- August 2012 (2)
- July 2012 (2)
- November 2011 (1)
- July 2011 (1)
- April 2011 (1)
- January 2011 (1)
- November 2010 (1)
- September 2010 (2)
- July 2010 (3)
- March 2010 (1)
-
Categories
-
RSS
Entries RSS
Comments RSS
Leave a Reply