I have to admit I struggle to understand why SSL is one of the weirdest and most difficult things I get stuck configuring about 2 or 3 times a year. Today I was trying to see a private key, as I had a REN server that would not boot properly after a new SSL certificate was installed, and I wanted to compare the key that was getting loaded by REN with what I had in my certificate.
It turns out that I had done something very similar a few weeks ago, but in reverse, and I posted this blog on it.
This time, in order to see the private key, you have to take the jks keystore and convert it to a p12 keystore, and then export the private key. Again, nothing ever is easy with SSL, so this requires two tools: keytool and openssl. You can get openssl from the great folks at sourceforge.
First the conversion from jks to p12:
keytool -v -importkeystore -srckeystore keystore.jks -srcalias certificatekey -destkeystore myp12file.p12 -deststoretype PKCS12
Secondly, now that you have the p12 keystore you can extract the private key:
openssl pkcs12 -in myp12file.p12 -out private.pem
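To make the comparison that motivated the export, the following added example (not from the original post) checks whether the key in private.pem belongs to a certificate by hashing the public key derived from each. The function names and the certificate file name server-cert.pem are assumptions.

```shell
#!/bin/sh
# Added example: does a PEM private key belong to a PEM certificate?
# Usage (file names are assumptions): sh keycheck.sh private.pem server-cert.pem
# Only SHA-256 digests of the PUBLIC key are printed; the private key is never shown.

# pubkey_digest key|cert FILE -> prints the SHA-256 of the public key in PEM form
pubkey_digest() {
    case "$1" in
        # Derive the public key from the private key (works for RSA and EC).
        # If the key is encrypted, openssl prompts for its pass phrase.
        key)  pub=$(openssl pkey -in "$2" -pubout) || return 1 ;;
        # Extract the public key embedded in the (first) certificate in the file.
        cert) pub=$(openssl x509 -in "$2" -noout -pubkey) || return 1 ;;
        *)    return 2 ;;
    esac
    # An empty result must not be hashed: two failures would otherwise "match".
    [ -n "$pub" ] || return 1
    printf '%s\n' "$pub" | openssl dgst -sha256 | awk '{print $NF}'
}

# key_matches_cert KEYFILE CERTFILE
# Returns 0 on match, 1 on mismatch, 2 if either file could not be parsed.
key_matches_cert() {
    key_digest=$(pubkey_digest key "$1") ||
        { echo "cannot read private key: $1" >&2; return 2; }
    cert_digest=$(pubkey_digest cert "$2") ||
        { echo "cannot read certificate: $2" >&2; return 2; }
    if [ "$key_digest" = "$cert_digest" ]; then
        echo "MATCH    $key_digest"
        return 0
    fi
    echo "MISMATCH key=$key_digest cert=$cert_digest"
    return 1
}

# Run the check only when both file names are given on the command line.
if [ "$#" -eq 2 ]; then
    key_matches_cert "$1" "$2"
fi
```

Both myp12file.p12 and private.pem contain the private key, so keep them readable only by your own user and delete them once the comparison is done.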