Some seems to have used complicated mechanisms including writing new software to do so. Here's a simple approach:
1. Import the keystore from JKS to PKCS12
Note that the above command will generate a warning regarding '-destkeypass'. But if you omit that option, importing does not work properly (I tried in JDK 1.6.0_03).
2. Convert pkcs12 to pem using openssl
That's it. Try 'cat mystore.pem'. You will see that both the private key and the certificate appears there.
If you are familiar with openssl and wish to use the private key to sign say another certificate, you can try the following:
Note that here we assume the private key in mystore.pem is of a certificate authority (CA).
I didn't try the reverse of this. That is getting the private key in a pem file to a jks file. Hopefully, the same steps executed in reverse order (with the in/out options reversed) should work.
- In case you are interested in a cool script (works in Linux) that generates keys, certificates and signatures, look at http://www.swview.org/jkscertgen
- If you need a collection of keys, certificates to test your application (in the form of .jks files), visit this page: http://www.swview.org/blog/sample-x509-certificate-collection-publicprivate-keys-java