asked on

How to extract a private key cert from a nks (command line, instead of GUI)

I perform the following command from an exercise:

keytool -genkey -alias First_Java_Cert -keyalg RSA -keystore /home/first/keystore/keystore.jks -storepass passw0rd -dname "CN=first, O=IBM, C=GB" -keypass passw0rd

So I just created a certificate with both a private and public key using the keytool.

Now I perform the following:

keytool -export -keystore /home/first/keystore/keystore.jks -storepass passw0rd -alias First_Java_Cert -file /home/import/First_Java_Cert.cer

This extracts a certificate with a public key.

(Am I correct in my assumptions so far?)

So using a command line program (non-GUI) that would come with either Windows or Java, could someone please post how to extract a private key from the .jks

Thanks

ASKER CERTIFIED SOLUTION

becraig

membership

This solution is only available to members.

To access this solution, you must be a member of Experts Exchange.

Start Free Trial

Anthony Lucia

ASKER

In this example it says

Private key Export
>>openssl.exe pkcs12 -in C:\certs\test.pfx -nocerts -out privateKey.pem

Open in new window

Regarding the option -nocerts, Does this mean that a private key does not have a certificate (Does the above command not extract a cert)

Also stated:

Public key Export
One being the public key which you can export with the command:
openssl.exe pkcs12 -in C:\certs\test.pfx -clcerts -nokeys -out publicCert.pem

Open in new window

Regarding the option -nokeys, why does it say -nokeys, when you are clearly exporting a public key ?

SOLUTION

becraig

membership

This solution is only available to members.

To access this solution, you must be a member of Experts Exchange.

Start Free Trial

SOLUTION

becraig

membership

This solution is only available to members.