@vepo
Forked from Hakky54/curl-with-java-keystore.md
Last active March 13, 2024 08:52
Curl with Java KeyStore

cURL with Java Keystore/Truststore

Curl doesn't support Java keystore files, so the keystore must first be converted to PEM format. The conversion takes the following steps:

  1. Convert keystore to p12 file
  2. Convert p12 file to pem file
  3. Run curl command with pem files

Convert keystore to p12 file

keytool -importkeystore -srckeystore truststore.jks \
                        -destkeystore truststore.p12 \
                        -srcstoretype JKS \
                        -deststoretype PKCS12 \
                        -deststorepass password \
                        -srcstorepass password \
                        -noprompt

Convert p12 file to pem file

openssl pkcs12 -in truststore.p12 -passin pass:password -out truststore.pem

Run curl command with pem files

Example curl request with loading trusted certificates:

curl --cacert truststore.pem https://localhost:8443/api/hello

Example curl request for mutual authentication, loading trusted certificates and loading private and public key of the client:

Repeat step 1 (choosing the correct alias, if applicable) and step 2 for identity.jks, the keystore that contains the key pair (named keystore.jks in the commands below), but with different options:

keytool -importkeystore -srckeystore keystore.jks \
                        -destkeystore client.pfx -deststoretype PKCS12 \
                        -srcalias mykey \
                        -deststorepass password \
                        -destkeypass password \
                        -srcstorepass password \
                        -noprompt
# -nodes writes the private key unencrypted, so keep identity.pem readable only by its owner
openssl pkcs12 -in client.pfx -passin pass:password -out identity.pem -nodes

Then call cURL

curl --cert identity.pem --cacert truststore.pem https://localhost:8443/api/hello
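
After the conversion it is worth confirming what ended up in each PEM file, since `-nodes` writes the private key unencrypted and a truststore passed to `--cacert` should contain no key at all. The script below is an added example, not part of the original gist; the function names `audit_truststore` and `audit_identity` and the sample file contents are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the gist): check the PEM files written by
# `openssl pkcs12` before passing them to curl. Only PEM block labels and
# file modes are inspected; certificates are not cryptographically validated.

# Count "-----BEGIN <label>-----" lines; $2 is an extended regex for the label.
count_blocks() { grep -c -E -- "^-----BEGIN ($2)-----" "$1" || true; }

# A --cacert file should hold certificates only, never key material.
audit_truststore() (
    [ -r "$1" ] || { echo unreadable; exit 0; }
    certs=$(count_blocks "$1" 'CERTIFICATE')
    keys=$(count_blocks "$1" '([A-Z]+ )?PRIVATE KEY')
    if [ "$keys" -gt 0 ]; then echo contains-private-key
    elif [ "$certs" -eq 0 ]; then echo no-certificates
    else echo ok; fi
)

# A --cert file needs exactly one private key plus a certificate. A key written
# with -nodes is plaintext, so group and other must have no access to the file.
audit_identity() (
    [ -r "$1" ] || { echo unreadable; exit 0; }
    certs=$(count_blocks "$1" 'CERTIFICATE')
    keys=$(count_blocks "$1" '([A-Z]+ )?PRIVATE KEY')
    enc=$(count_blocks "$1" 'ENCRYPTED PRIVATE KEY')
    mode=$(ls -ld "$1" | cut -c1-10)
    if [ "$keys" -ne 1 ]; then echo "expected-one-key-found-$keys"
    elif [ "$certs" -eq 0 ]; then echo missing-certificate
    elif [ "$enc" -gt 0 ]; then echo ok
    else case "$mode" in
        ????------) echo ok-plaintext-key ;;
        *) echo plaintext-key-loose-permissions ;;
    esac; fi
)

# Constructed sample shaped like `openssl pkcs12 ... -nodes` output (dummy bodies).
demo_dir=$(mktemp -d)
printf '%s\n' 'Bag Attributes' '    friendlyName: mykey' \
    '-----BEGIN PRIVATE KEY-----' 'Q09OU1RSVUNURUQ=' '-----END PRIVATE KEY-----' \
    '-----BEGIN CERTIFICATE-----' 'Q09OU1RSVUNURUQ=' '-----END CERTIFICATE-----' \
    > "$demo_dir/identity.pem"
chmod 644 "$demo_dir/identity.pem"
echo "identity.pem mode 644:    $(audit_identity "$demo_dir/identity.pem")"
chmod 600 "$demo_dir/identity.pem"
echo "identity.pem mode 600:    $(audit_identity "$demo_dir/identity.pem")"
echo "identity.pem as --cacert: $(audit_truststore "$demo_dir/identity.pem")"
rm -rf "$demo_dir"
```

Run the two functions against the real `truststore.pem` and `identity.pem` after the conversion; a result of `plaintext-key-loose-permissions` is resolved with `chmod 600 identity.pem`.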