- To add pem or X.509 cert to java keystore
1
$ keytool -import -alias corporate_proxy -file proxy.pem -keystore jssecacerts
1
$ keytool -import -alias corporate_proxy -file proxy.crt -keystore jssecacerts
- Convert .cer or .crt to .pem
1
$ openssl x509 -inform der -in certnew.cer -out certnew.pem
- Convert .cer or .crt to .der
1
$ openssl x509 -in website.cert -out website.der -outform DER
- Creating a PFX requires certificate to be base64 encoded
1
$ openssl pkcs12 -export -out domain.name.pfx -inkey website_password_protected.key -in website_base64_encoded.cer
- Creating a P12 requires certificate in .pem format and key file
1
$ openssl pkcs12 -inkey website_password_protected.key -in certnew.pem -export -out certnew.p12
- Creating a P12 with root certificates included in p12
1
$ openssl pkcs12 -inkey website_password_protected.key -in certnew.pem -export -out certnew.p12 -CAfile root.crt -caname root -name application_name
- Importing a p12 store in another keystore
1
2
# importing with passwords
$ keytool -importkeystore -deststorepass changeit -destkeypass changeit -destkeystore server.keystore -srckeystore certnew.p12 -srcstoretype PKCS12 -srcstorepass password
1
2
# importing without passwords
$ keytool -importkeystore -srcstoretype PKCS12 -srckeystore website_password_protected.p12 -destkeystore server.keystore
- Converting a .p7b file to .cer file
1
2
# if file type is DER
$ openssl pkcs7 -inform DER -outform PEM -in certnew.p7b -print_certs > certificate_bundle.cer
1
$ openssl pkcs7 -print_certs -in certificatename.p7b -out certificatename.cer
- Convert key to pkcs8 key
1
$ openssl pkcs8 -topk8 -inform PEM -outform PEM -nocrypt -in website_cert.key -out website_cert.pkcs8.key
- change p12 password
1
$ keytool -importkeystore -srckeystore website_password_protected.p12 -srcstoretype PKCS12 -srcstorepass 1491cc0a80be -destkeystore website_new.p12 -deststoretype PKCS12 -deststorepass FR678uhbnht0033er -destkeypass FR678uhbnht0033er