Derwynd's Weblog

Extracting certificates from java keystore to use in apache.conf

So you have a javakeystore and want to extract the certificate….

heres what I did .. of course I had the passphrase

Downloaded ….
$ java-1.6.0-openjdk-1.6.0.0-0.25.b09.el5.x86_64.rpm

$ rpm -ivh java-1.6.0-openjdk-1.6.0.0-0.25.b09.el5.x86_64.rpm

$ cd /usr/lib/jvm/java-1.6.0-openjdk-1.6.0.0.x86_64/jre/bin/keytool

and
$ ./keytool -importkeystore -srckeystore /opt/certs/final/NetworthKeyStore -destkeystore /tmp/mystore.p12 -srcstoretype JKS -deststoretype PKCS12 -noprompt

Enter destination keystore password:
Re-enter new password:
Enter source keystore password:
Entry for alias networthpnbkey successfully imported.
Import command completed: 1 entries successfully imported, 0 entries failed or cancelled

where KeyStore is the java keystore name

So I got a /tmp/mystore.p12 with everything great
now for some ssl magic
$ openssl pkcs12 -info -in /tmp/mystore.p12

Enter Import Password:
MAC Iteration 1024
MAC verified OK
PKCS7 Data
Shrouded Keybag: pbeWithSHA1And3-KeyTripleDES-CBC, Iteration 1024
Bag Attributes
friendlyName: pubkey
localKeyID: 52 69 3D 69 50 41 22 69 33 34 36 36 32 34 34 36 30 35
Key Attributes:
Enter PEM pass phrase:
Verifying – Enter PEM pass phrase:

Copy the following from output…….

—–BEGIN RSA PRIVATE KEY—–
Proc-Type: 4,ENCRYPTED
DEK-Info: DES-EDE3-CBC,FE731BD9D499A31B

d12tLvqVX0a3FxOba+uwCiJIxEC8dESEI9GI5Doz1hieu8pZKoz3bwozDBLfLlFA
lvPj4Qi2FmazrZWRTNHQOUcv4aVQ1TmauRtw/LMoieR0b4+VkqTzk/eAe6d3pfr/
BoZxs40f0YaYsgMyYj0HWOIFXmCZnfEgzQBVZPIqcUzBxrV4g7xwjbLBXHJ+wAv+
p+3/ejYvxz/lfn+Nd00TlUZu770wPlRzQT4hwjWuNVfmadA+FpBMk4uW8dDSEMMc
KyW2Qg2nLfXlxMxLIb7DB86eJUS5W5bAHi1S5RNiSNRxXkFZP4xIKnoamsQqoGg7
o1zlVjRo3R/wh7idgLKDSUXX07qHhfOObEem3lbAbu6WuvpPW1Qy8Cr8N4aqHhBW
VvBzyvwajE0yBD9cQSPDZnLhWqu4z9MpQLexSHV398Yd/iOnnTmWnxVxhuINaJr0
40aZ9YsU7EpuCsaJ4Ifuu4Zu5LdC2G+KqRw/RvcLyPc5ie7AB2/mox1qH14W9d60
FZFCd8ZDpS7eNkUMx2qyWRKoaBdkPLp1baY8BWLZR2N7z59RkjGMfQsUpSCArgE/
63+BdMMSqFsRWKfWAWIqFshp/Q7AUdr0Dgftj9A3Ao6i6qA9HGB2MwomH/LXaoxl
759dFjWBMcJ3Fj1+eqoRZWw/+MdZhADhIyTEiksP8FJ8EXrEmalT+jIqVaxVPH51
WnQhGmTXvu3YU99NCpgyTjUo7z3OPyAT5z4QT6PdcPOXM5wR90ExR1YnxTnHLuwE
KhictV+isaH8xAPGB3okffvtYqS/xSubJ88MP5VPfEOvUkGAmqFj4A==
—–END RSA PRIVATE KEY—–

—–BEGIN CERTIFICATE—–
MIIB4DCCAUkCAQAwgZ8xCzAJBgNVBAYTAkdCMRYwFAYDVQQIEw1XZXN0IE1pZGxh
bmRzMREwDwYDVQQHEwhDb3ZlbnRyeTETMBEGAAUEChMKUGxhbmV0bGFyZzEUMBIG
HBiePsg26oDwlQ5XOvi+jslQN+u6CQo2rlzMn4OoKrBufp3g2IgRrrwRSxOLpJeX
A1UECxMLSURDIHN1cHBvcnQxFzAVBgNVBAMTDnd3dy5kb21haW4uY29tMSEwHwYJ
KoZIhvcNAQkBFhJpZGNAcGxhbmV0bGFyZy5uZXQwgZ8wDQYJKoZIhvcNAQEBBQAD
gY0AMIGJAoGBAMQt4q36X3KQ5795HeQSl5D57TAHOeRGw9kEb8WWjZCaCNCFeXU4
XB4ZleozGJVvlhcua1fSSWuEhZOWms5y628sMud5YuxG/rrXrDM4tkNHwsLob3yo
2+5fZyZvopWnWs9Z+Vz/GbOJJvtgkngnVm3rP3cbHEmaWXCzIVgUWPYJAgMBAAGg
ADANBgkqhkiG9w0BAQUFAAOBgQB2rRr2bc+3iQEGvc5zSr9/nw1YBCGJBfMThe+V
KoZIhvcNAQkBFhJpZGNAcGxhbmV0bGFyZy5uZXQwgZ8wDQYJKoZIhvcNAQEBBQAD
A1UECxMLSURDIHN1cHBvcnQxFzAVBgNVBAMTDnd3dy5kb21haW4uY29tMSEwHwYJ
ADANBgkqhkiG9w0BAQUFAAOBgQB2rRr2bc+3iQEGvc5zSr9/nw1YBCGJBfMThe+V
bmRzMREwDwYDVQQHEwhDb3ZlbnRyeTETMBEGAAUEChMKUGxhbmV0bGFyZzEUMBIG
WdIpJN6cONDEF8hXtEKbpSmeu7ioUsLWDiQJ/Vab/XR9Uz9gsjs7ztm6ZTFhlYUD
HBiePsg26oDwlQ5XOvi+jslQN+u6CQo2rlzMn4OoKrBufp3g2IgRrrwRSxOLpJeX
KaAO32si+7euiprm79a3CcRrWSjpfKX6FhkGIu9BbQ==
—–END CERTIFICATE—–

Go ahead and import in your apache config

January 14, 2010 - Posted by derwynd | Uncategorized