> From: owner-openssl-us...@openssl.org On Behalf Of eoinmoon > Sent: Wednesday, 10 March, 2010 11:00
> my attempts have failed to convert an private > key[generated in java keystore and exported via java code] to > a PEM format > which I need for my application. > > These are the steps I have done: > > Keytool -v -genkey -keyalg RSA -keysize 1024 -keystore > c:\security\keystore > -alias XXXX -dname "cn=servername.domain.com, ou=None, L=YYY, ST=TTTT, > o=ExampleOrg, c=US > > I then created CSR's,etc [assuming it uses the private key in > the keystore], > got is signed and imported it back into the keystore. > Nit: you created a CSR and used it to get a cert. The cert is signed, but it is not *just* a signed CSR (or .TBS); it has some differences. > I then exported the certs and converted them into PEM format. > - All ok it > seems > > I then exported the private key [in java code], checked it > was in PKCS8 form <snip> FYI, another approach that might be easier if you only need the Openssl/PEM results and not the PKCS8 itself: Standard-JRE keytool can create a PKCS*12* that Openssl can read: keytool -importkeystore -srckeystore your.jks -destkeystore output.p12 -deststoretype pkcs12 [-alias item] # default all, more than 1 less convenient in OpenSSL openssl pkcs12 -in output.p12 [options to select key, cert(s), etc.] ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List openssl-users@openssl.org Automated List Manager majord...@openssl.org
