keytool export cert – Export a certificate with Java keytool

January 6, 2020 by Mister PKI

What is Java keytool?

The Java keytool is a command-line utility for managing keystores, in several formats, that contain keys and certificates. You can use keytool to export a certificate from a keystore. In many respects, keytool competes with openssl as a utility for keystore, key, and certificate management.

Use case to export a cert from a keystore.

On occasion, you may want to move a cert into another keystore, or a third party may need your public key. In that case, if you haven't stored the cert outside of the keystore, you will need to export the certificate from the keystore. Do not share the keystore itself if it contains a private key; share only the certificate, which contains the public key.

What keytool command do I use to export a cert from a keystore?

Use this command to export a cert from a keystore using the Java keytool. The result will be the X.509 certificate in PEM format. If the -rfc option is left off, the result will be in binary format.

keytool -exportcert \
 -rfc \
 -alias example \
 -file cert.pem \
 -keystore example.p12 \
 -storepass changeit \
 -storetype PKCS12 \
 -v

Java keytool options:

-rfc – Will output in PEM format as defined by RFC 1421.

-alias – The alias of the entry encapsulated in the keystore. The chosen value should enhance the readability of the keystore entries, especially when the keystore contains multiple entries.

-file – The file to contain the exported X.509 certificate.

-keystore – The filename of the keystore.

-storepass – The current keystore password. We recommend leaving this option off and letting keytool prompt you instead of writing your password in plain text here.

-storetype – Recommended keystore types include PKCS12 and JKS. In this case, the keystore was of type PKCS12.

-v – Verbose output.
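
Before the exported file goes to a third party, it helps to confirm that it holds only a certificate and is in the encoding you expected (PEM with -rfc, binary without). The Python check below is an added example, not part of the original post or of keytool; the function names and the sample bytes are constructed for illustration. It flags private-key PEM blocks and files that are really keystores, and produces a SHA-256 fingerprint to compare with the one keytool displays.

```python
import base64
import hashlib
import re

PEM_BLOCK = re.compile(r"-----BEGIN ([A-Z0-9 ]+)-----(.*?)-----END \1-----", re.S)

def classify_der(der: bytes) -> str:
    """Tell a DER certificate apart from a keystore or key by its leading bytes."""
    if der[:4] in (b"\xfe\xed\xfe\xed", b"\xce\xce\xce\xce"):
        return "keystore-or-key"          # JKS / JCEKS magic numbers
    if len(der) < 3 or der[0] != 0x30:
        return "unknown"                  # not a DER SEQUENCE
    # Skip the outer tag and length (long form: low 7 bits count extra length bytes).
    skip = 2 + (der[1] & 0x7F if der[1] & 0x80 else 0)
    inner = der[skip] if skip < len(der) else -1
    if inner == 0x30:
        return "certificate"              # Certificate begins with the tbsCertificate SEQUENCE
    if inner == 0x02:
        return "keystore-or-key"          # PKCS#12 PFX and PKCS#8 begin with an INTEGER version
    return "unknown"

def fingerprint(der: bytes) -> str:
    """SHA-256 over the DER bytes, as colon-separated uppercase hex."""
    return ":".join(f"{b:02X}" for b in hashlib.sha256(der).digest())

def inspect_export(data: bytes) -> dict:
    """Classify an exported file; share_ok is True only if it holds certificates alone."""
    blocks = PEM_BLOCK.findall(data.decode("latin-1"))
    encoding = "PEM" if blocks else "DER"  # PEM with -rfc, binary without it
    kinds, certs = [], []
    for label, body in blocks or [("CERTIFICATE", None)]:
        if label != "CERTIFICATE":
            kinds.append(label.lower())   # e.g. "private key": must not be shared
            continue
        der = data if body is None else base64.b64decode(body)
        kinds.append(classify_der(der))
        if kinds[-1] == "certificate":
            certs.append(der)
    return {"encoding": encoding, "kinds": kinds,
            "share_ok": all(k == "certificate" for k in kinds),
            "sha256": [fingerprint(der) for der in certs]}

# Constructed stand-ins with the right outer ASN.1 shape (not real certificates or keys).
FAKE_CERT_DER = bytes([0x30, 0x05, 0x30, 0x03, 0x02, 0x01, 0x01])
FAKE_PFX_DER = bytes([0x30, 0x03, 0x02, 0x01, 0x03])

def to_pem(label: str, der: bytes) -> bytes:
    body = base64.encodebytes(der).decode()
    return f"-----BEGIN {label}-----\n{body}-----END {label}-----\n".encode()
```

To check a real export, pass the file's bytes, for example `inspect_export(open("cert.pem", "rb").read())`.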


Here are the official keytool docs to dive further into how to export a certificate from a keystore. https://docs.oracle.com/javase/10/tools/keytool.htm#GUID-5990A2E4-78E3-47B7-AE75-6D1826259549__EXPORTDATA-507D3175
