
How to extract the certificate and private key from a JKS keystore

WSO2 products are shipped with a JKS keystore. In this post we are going to see how to extract the public key certificate and private key from wso2carbon.jks to PEM using keytool and openssl.

  1.  Convert JKS to PKCS12 using keytool

     keytool -importkeystore -srckeystore wso2carbon.jks -destkeystore mystore.p12 -srcstoretype JKS -deststoretype PKCS12 -srcstorepass wso2carbon -deststorepass destpass -srcalias wso2carbon -destalias myalias -srckeypass wso2carbon -destkeypass destpass -noprompt

    This will create the mystore.p12 keystore, which is of type PKCS12.

  2. Extract public certificate from mystore.p12 to PEM using openssl

     openssl pkcs12 -in mystore.p12 -nokeys -out wso2.pem

    This will create the wso2.pem file containing the public certificate as a PEM block delimited by -----BEGIN CERTIFICATE----- and -----END CERTIFICATE----- lines.

  3.  Extract private key from mystore.p12 to PEM using openssl

     openssl pkcs12 -in mystore.p12 -nocerts -out wso2.key -passin pass:destpass

    Once you execute this command you will be asked for a pass phrase. The private key will be encrypted with this pass phrase to enforce security.

    The encrypted private key (the wso2.key file) is a PEM block delimited by -----BEGIN ENCRYPTED PRIVATE KEY----- and -----END ENCRYPTED PRIVATE KEY----- lines.

  4. Get the DECRYPTED private key/Remove pass phrase from private key

    openssl rsa -in wso2.key -out wso2.key

    Now the wso2.key file will hold the decrypted private key as a PEM block delimited by -----BEGIN RSA PRIVATE KEY----- and -----END RSA PRIVATE KEY----- lines.
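
A post-extraction check for the files produced by steps 2 to 4, added here as an example (it is not part of the original post): it confirms that wso2.pem carries no private key block, that an unencrypted wso2.key is not accessible to group or others, and that the key matches the certificate. The function names are hypothetical, and the match check assumes openssl is on the PATH.

```bash
#!/bin/sh
# Added example: checks on the files written by steps 2-4 (wso2.pem, wso2.key).
# Function names are hypothetical. Usage: sh check_extract.sh wso2.pem wso2.key

# Print the label of every PEM block in a file, one per line.
pem_labels() {
    sed -n 's/^[[:space:]]*-----BEGIN \(.*\)-----[[:space:]]*$/\1/p' "$1"
}

# True when the certificate file carries no private key block.
cert_file_is_public_only() {
    ! pem_labels "$1" | grep -q 'PRIVATE KEY'
}

# True when the key is pass-phrase protected (PKCS#8 or traditional format).
key_is_encrypted() {
    grep -q -e '^-----BEGIN ENCRYPTED PRIVATE KEY-----' \
            -e '^Proc-Type: 4,ENCRYPTED' "$1"
}

# True when group and others have no permission bits on the file.
key_mode_is_private() {
    [ "$(ls -ld -- "$1" | cut -c5-10)" = "------" ]
}

# True when the key's public half equals the certificate's public key.
key_matches_cert() {
    k=$(openssl pkey -in "$1" -pubout 2>/dev/null) || return 1
    c=$(openssl x509 -in "$2" -noout -pubkey 2>/dev/null) || return 1
    [ "$k" = "$c" ]
}

# audit CERT_FILE KEY_FILE: print findings, return how many there were.
audit() {
    n=0
    cert_file_is_public_only "$1" ||
        { echo "FAIL: $1 also contains a private key"; n=$((n + 1)); }
    if ! key_is_encrypted "$2"; then
        key_mode_is_private "$2" ||
            { echo "FAIL: $2 is unencrypted and group/world accessible"; n=$((n + 1)); }
        key_matches_cert "$2" "$1" ||
            { echo "FAIL: $2 does not match the certificate in $1"; n=$((n + 1)); }
    fi
    return "$n"
}

if [ "$#" -eq 2 ]; then audit "$1" "$2"; fi
```

The key/certificate match is only attempted on an unencrypted key, so the script never prompts for a pass phrase.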
