How to extract Private key from keystore ?

There can be a situation where you want to extract private key from your keystore but it is not a straight forward as we think as It involves two steps i.e.

·         Extracting private key from keystore in PKCS#12 format

·         Converting it to .PEM file

Step1: Extracting in PKCS format

keytool -v -importkeystore -srckeystore KEYSTORE_NAME -srcalias CERTIFICATE_ALIAS -destkeystore FILE_NAME.p12 -deststoretype PKCS12

Eg: keytool -v -importkeystore -srckeystore keystore.jks -srcalias  application -destkeystore privatekey.p12 -deststoretype PKCS12

Note: If you don’t know the alias name of your certificate then you can display it:

keytool -list -v -keystore keystore.jks

Step2: Converting it into .PEM FILE

openssl pkcs12 -in privatekey.p12 -out private.pem

            

How to generate SSL Key, CSR and Self Signed Certificate using OpenSSL.

I have already discussed how to generate SSL certificate using keytool over here. In this article, I am going to explain how can you achieved the same thing using OpenSSL tool.

The three differnet files that I am going to generate i.e. :

• waheedtechblog.key
• waheedtechblog.csr
• waheedtechblog.crt

Generate Private key : waheedtechblog.key

openssl genrsa -des3 -out waheedtechblog.key 1024

Generate a Certificate Signing Request (CSR)

Using above generated key file, We will now create the CSR file

openssl req -new -key waheedtechblog.key -out waheedtechblog.csr

Generate a Self-Signed SSL Certificate

openssl x509 -req -days 365 -in waheedtechblog.csr -signkey waheedtechblog.key -out waheedtechblog.crt

These file can be used to enable SSL in Apache Server.

Sometime, we need to remove passphrase to run key in Apache Server, if you get such issue while enabling SSL in Apache Server then run following command to remove passphrase :

openssl rsa -in waheedtechblog.key -out waheedtechblog_new.key

Your new file is key without encryption.

Thank you..!!!!