Created
July 27, 2022 22:09
-
-
Save jrwarwick/f3cc73f41720af5ce433adc310649632 to your computer and use it in GitHub Desktop.
Code Signing Certificate Conversion: from Java Keystore+(issued)Cert to PFX (combined)
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #We're starting with a Java Keystore (in adkeystore.dat), and we want to end up with a combined PFX | |
| #first jks out to PFX, but just the key | |
| keytool -importkeystore -srckeystore adkeystore.dat -destkeystore CodeSigning_keyonly.pfx -deststoretype pkcs12 -deststorepass KEEPASS -destkeypass KEEPASS | |
| #then "refine it" to a plain PEM (still key only) | |
| openssl pkcs12 -in CodeSigning_keyonly.pfx -nocerts -out isolated_key.pem -nodes | |
| #then combine isolated key with issued (public) cert | |
| openssl pkcs12 -export -out CodeSigning_combined.pfx -inkey isolated_key.pem -in CodeSigning_$(date '+%Y')*.crt | |
| #Optional review: | |
| openssl pkcs12 -info -in CodeSigning_combined.pfx | egrep 'issuer|subject|--*BEGIN' |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment