4
4

Delete article

Deleted articles cannot be recovered.

Draft of this article would be also deleted.

Are you sure you want to delete this article?

More than 3 years have passed since last update.

OpenSSLで作成したPEM形式の証明書をJavaのkeytoolのキーストア(JKS)に変換する方法

Last updated at Posted at 2021-07-09

OpenSSLで作成したPEM形式の証明書をJavaのkeytoolのキーストア(JKS)に変換した際の手順を紹介します。

環境

  • OS:CentOS Linux release 7.8.2003
[root@CENTOS7 test]# cat /etc/redhat-release
CentOS Linux release 7.8.2003 (Core)
[root@CENTOS7 test]#
  • openssl:OpenSSL 1.0.2k-fips
[root@CENTOS7 test]# openssl version
OpenSSL 1.0.2k-fips  26 Jan 2017
[root@CENTOS7 test]#
  • java:java version "14" 2020-03-17
[root@CENTOS7 test]# java -version
java version "14" 2020-03-17
Java(TM) SE Runtime Environment (build 14+36-1461)
Java HotSpot(TM) 64-Bit Server VM (build 14+36-1461, mixed mode, sharing)
[root@CENTOS7 test]#

手順

1. OpenSSLで秘密鍵を作成

openssl genrsa -aes256 -passout pass:<秘密鍵のパスフレーズ> -out <秘密鍵のファイル名> 2048

実行結果
[root@CENTOS7 test]# openssl genrsa -aes256 -passout pass:keypass -out key.pem 2048
Generating RSA private key, 2048 bit long modulus
...............................................................+++
.....................+++
e is 65537 (0x10001)
[root@CENTOS7 test]# ls -l
合計 4
-rw-r--r-- 1 root root 1766  7月 10 00:30 key.pem
[root@CENTOS7 test]#

2. 秘密鍵の内容確認

openssl rsa -text -noout -in <秘密鍵のファイル名> -passin pass:<秘密鍵のパスフレーズ>

実行結果
[root@CENTOS7 test]# openssl rsa -text -noout -in key.pem -passin pass:keypass
Private-Key: (2048 bit)
modulus:
    00:b1:77:ca:bc:15:78:bc:70:4a:d3:8a:2d:c2:3e:
    e8:50:74:f1:53:ef:98:9b:ae:19:67:0a:48:83:45:
    3b:c9:64:93:8a:c2:71:2d:7f:89:64:26:c6:e1:5a:
    c1:70:58:85:c8:24:23:e9:ff:85:0a:00:54:2e:c6:
    0b:a7:b1:70:7d:d4:11:80:0f:4e:a4:9b:05:72:fc:
    d5:89:c3:29:18:a6:36:4a:27:10:45:64:46:e7:cd:
    00:1e:ee:40:82:43:ff:25:a8:6d:fd:aa:d9:92:47:
    e1:46:cd:c9:41:96:89:4c:3c:cb:0b:00:46:a9:53:
    af:9a:b8:d1:93:b9:73:12:cc:f8:78:89:8c:99:92:
    79:d6:f0:3e:00:08:b1:5e:12:6e:f5:47:01:f7:b3:
    94:2a:2f:cd:df:bf:3b:10:6c:d0:e2:6e:5d:b2:8a:
    3d:c5:70:2d:2a:f4:21:ae:cd:e6:a3:cd:d7:25:02:
    6d:3e:13:2d:49:71:0e:93:1f:03:18:b1:28:e8:0f:
    98:23:e3:9b:ff:e9:e7:7b:7b:0c:bf:7b:b2:80:4f:
    d9:f4:e7:d9:c0:fb:46:22:59:31:a9:06:d5:b1:71:
    45:8f:eb:3c:ea:92:2e:59:1b:71:2b:4b:8e:bc:00:
    38:64:68:cc:94:72:98:34:26:eb:21:0b:63:90:03:
    75:65
publicExponent: 65537 (0x10001)
privateExponent:
    06:a6:8e:9a:6d:d3:90:7c:44:d1:98:a4:0e:5b:7d:
    29:46:b8:a4:84:9e:1b:77:72:cc:41:be:65:ec:fa:
    48:99:d4:4d:a6:eb:c6:e0:b8:ad:60:26:a3:db:5a:
    d4:72:fc:d0:7b:4a:3d:42:ae:21:a9:d1:7d:cf:3e:
    30:92:9d:bc:99:6d:ee:76:a4:63:d6:cb:65:7b:c4:
    24:dd:83:74:c1:05:d7:d1:8e:f2:8a:c7:7d:78:59:
    40:cf:7c:eb:64:d0:f3:00:54:de:e4:c0:32:93:2f:
    06:10:40:32:8d:09:a8:29:bf:12:32:78:73:70:07:
    6c:ac:f0:6d:b0:cd:77:2e:d7:38:a8:1d:47:13:47:
    a8:ac:62:66:ce:aa:63:94:54:44:1c:ce:01:cd:5d:
    1d:ac:05:33:23:dd:ff:18:d0:13:00:4f:97:47:d1:
    3e:f4:9a:aa:92:61:5a:da:b4:1e:49:8f:08:94:49:
    7b:6f:2d:ad:c7:d5:6b:57:d6:b5:06:53:96:a7:68:
    78:8d:9e:b5:7b:24:68:ae:39:48:c9:65:62:11:66:
    88:4e:20:1d:49:b7:54:42:e7:3c:5b:bd:fb:62:bb:
    db:9b:34:29:bc:ea:ae:d2:5a:0b:fc:61:b9:e1:96:
    14:b9:79:7c:57:70:fc:10:c1:c4:4e:11:cc:2f:2e:
    21
prime1:
    00:e7:de:f4:ba:81:5c:c0:dc:bb:b6:09:ca:be:fb:
    23:eb:d5:d6:b3:00:e1:cd:cd:42:a4:57:01:24:eb:
    31:8f:2f:c8:93:df:ef:a5:8d:66:e7:1a:86:9e:3a:
    32:5a:f3:25:a1:32:8a:44:75:09:d3:b7:af:48:3e:
    37:9b:da:06:1f:62:cb:6e:e0:6f:72:68:df:fe:e9:
    b4:4e:99:c6:5e:0c:76:7a:a8:d7:89:b3:4e:1f:9f:
    67:52:e6:49:5d:33:b0:b4:0a:c2:ff:c2:85:6a:f6:
    d6:61:b3:d8:55:ec:16:35:44:00:e4:b8:1a:ec:66:
    42:b8:bb:35:8a:dd:cb:a7:b3
prime2:
    00:c3:ef:8a:32:13:26:02:c7:c0:4d:42:03:73:67:
    3c:14:2b:d5:d2:07:25:46:76:a8:7c:2c:e7:a9:6e:
    bc:98:05:fe:be:30:e4:c1:34:ec:c0:ba:d8:ac:9a:
    8a:f9:a8:8f:79:44:ad:50:01:ab:d6:f7:bf:c6:00:
    22:65:11:f2:af:c6:d4:83:53:7f:14:6b:7b:f3:d8:
    61:a3:90:ff:bc:53:74:69:20:37:76:0e:51:c6:d3:
    99:1d:60:dd:bf:76:2c:37:a2:70:cf:67:4f:d8:ac:
    cb:39:55:6c:ca:16:72:c5:98:87:c7:91:32:6c:e5:
    e4:6c:3d:d3:8a:e9:26:e2:87
exponent1:
    72:71:b6:43:13:b4:8f:30:a3:a9:ae:dd:96:33:e8:
    bf:ef:54:c0:17:50:5c:3e:d2:84:c0:b8:bc:db:25:
    23:f2:46:c2:ce:05:bf:a5:b2:43:a0:f1:0e:c9:d4:
    ae:d5:52:1e:65:0e:9f:c9:50:a7:62:03:2e:da:1e:
    a2:5b:13:28:8c:9f:b2:43:2e:5e:be:ea:c8:2b:db:
    a5:eb:fa:5f:d3:30:eb:4b:c8:ce:9b:64:94:f1:1d:
    93:6a:3c:8d:b7:04:a1:68:aa:64:88:43:47:cf:3b:
    73:0f:cc:58:64:65:75:b6:f1:e5:f2:04:bf:e7:9d:
    49:06:85:df:db:a7:38:47
exponent2:
    60:79:78:b5:31:42:7d:09:f7:c0:d2:a9:3a:50:71:
    7f:89:19:ee:21:40:94:52:66:a1:45:c7:07:61:14:
    11:52:9a:5c:f1:5c:21:59:ba:dd:26:e2:fb:11:d9:
    2e:16:76:16:82:df:47:4e:9b:5a:ec:80:0b:b1:13:
    3e:6a:b8:f1:1d:d8:93:95:30:34:50:bc:26:93:bb:
    77:bb:34:80:79:23:0f:84:22:6a:c9:a0:30:63:0d:
    b8:2e:72:e1:0c:01:b7:9f:0f:26:c0:3a:cb:78:41:
    54:48:a0:99:5c:b6:44:5e:d7:34:47:64:e9:c3:c4:
    56:1b:97:26:85:a8:74:cf
coefficient:
    4e:de:4b:4f:d4:b8:ac:4e:f1:67:aa:28:2c:e5:80:
    e2:02:ee:24:22:d8:67:9f:1a:57:26:01:08:73:16:
    b3:51:96:75:65:15:91:ae:92:b2:9b:29:d9:98:8a:
    5c:17:e5:44:27:d3:c0:07:96:8a:f2:14:1d:6b:6d:
    58:b9:54:dc:fc:6d:d1:80:02:c1:09:eb:5a:ab:8f:
    c8:3b:b2:64:2b:4b:fd:f9:e2:c9:24:07:d9:21:36:
    47:1a:c9:cb:82:1d:fb:d3:b7:6c:09:16:ba:c6:5d:
    99:52:60:da:3e:ac:45:36:53:d9:b8:7f:0b:35:2f:
    c2:aa:3c:7f:41:e0:b9:64
[root@CENTOS7 test]#

3. CSR(証明書署名要求)の作成

openssl req -new -key <秘密鍵のファイル名> -out <CSRのファイル名> -subj "/C=<国コード>/ST=<都道府県>/L=<市町村>/O=<組織の名称>/OU=<組織の部局の名前>/CN=<サーバの FQDN>" -passin pass:<秘密鍵のパスフレーズ>

実行結果
[root@CENTOS7 test]# openssl req -new -key key.pem -out csr.pem -subj "/C=JP/ST=KANAGAWA/L=YOKOHAMA/O=SAMPLE CORP/OU=DEV1/CN=yasushi.local" -passin pass:keypass
[root@CENTOS7 test]# ls -l
合計 8
-rw-r--r-- 1 root root 1017  7月 10 00:32 csr.pem
-rw-r--r-- 1 root root 1766  7月 10 00:30 key.pem
[root@CENTOS7 test]#

4. CSR(証明書署名要求)の確認

openssl req -text -noout -in <CSRのファイル名>

実行結果
[root@CENTOS7 test]# openssl req -text -noout -in csr.pem
Certificate Request:
    Data:
        Version: 0 (0x0)
        Subject: C=JP, ST=KANAGAWA, L=YOKOHAMA, O=SAMPLE CORP, OU=DEV1, CN=yasushi.local
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                Public-Key: (2048 bit)
                Modulus:
                    00:b1:77:ca:bc:15:78:bc:70:4a:d3:8a:2d:c2:3e:
                    e8:50:74:f1:53:ef:98:9b:ae:19:67:0a:48:83:45:
                    3b:c9:64:93:8a:c2:71:2d:7f:89:64:26:c6:e1:5a:
                    c1:70:58:85:c8:24:23:e9:ff:85:0a:00:54:2e:c6:
                    0b:a7:b1:70:7d:d4:11:80:0f:4e:a4:9b:05:72:fc:
                    d5:89:c3:29:18:a6:36:4a:27:10:45:64:46:e7:cd:
                    00:1e:ee:40:82:43:ff:25:a8:6d:fd:aa:d9:92:47:
                    e1:46:cd:c9:41:96:89:4c:3c:cb:0b:00:46:a9:53:
                    af:9a:b8:d1:93:b9:73:12:cc:f8:78:89:8c:99:92:
                    79:d6:f0:3e:00:08:b1:5e:12:6e:f5:47:01:f7:b3:
                    94:2a:2f:cd:df:bf:3b:10:6c:d0:e2:6e:5d:b2:8a:
                    3d:c5:70:2d:2a:f4:21:ae:cd:e6:a3:cd:d7:25:02:
                    6d:3e:13:2d:49:71:0e:93:1f:03:18:b1:28:e8:0f:
                    98:23:e3:9b:ff:e9:e7:7b:7b:0c:bf:7b:b2:80:4f:
                    d9:f4:e7:d9:c0:fb:46:22:59:31:a9:06:d5:b1:71:
                    45:8f:eb:3c:ea:92:2e:59:1b:71:2b:4b:8e:bc:00:
                    38:64:68:cc:94:72:98:34:26:eb:21:0b:63:90:03:
                    75:65
                Exponent: 65537 (0x10001)
        Attributes:
            a0:00
    Signature Algorithm: sha256WithRSAEncryption
         19:3d:20:eb:36:78:8b:bc:9c:e4:ce:e1:7e:03:82:b6:9f:ad:
         ef:67:af:16:5e:db:e4:7f:4b:b7:93:52:15:0e:86:77:ff:3a:
         01:52:24:d9:42:cb:c3:d5:ff:da:f5:43:dd:27:b5:fa:57:53:
         5b:1f:2f:13:e2:5c:c2:bb:cb:eb:4f:15:ac:a0:ee:13:3a:c3:
         11:cf:c1:85:74:2c:e8:d1:12:af:8b:2c:df:dd:95:8f:e7:f8:
         36:2a:f6:c0:4e:a3:3b:c7:e6:95:bb:66:6c:4e:14:8d:5e:ac:
         40:34:26:38:a7:03:2f:64:3b:a4:1b:94:7a:f1:1b:15:8d:97:
         96:24:d8:77:31:77:cf:ef:8e:ed:b7:5d:9b:a5:e8:75:ca:3e:
         9e:9d:06:31:75:2f:f6:23:1f:b7:a2:1a:53:bc:fd:6f:ad:eb:
         49:fe:77:b1:bf:f2:3f:2e:b0:91:b8:f9:07:71:48:ee:0d:32:
         53:7d:a1:d3:a1:5c:13:ae:42:ba:bd:2b:0f:e1:61:47:44:f0:
         6b:6a:08:4d:c8:ef:31:07:30:a2:aa:93:0f:68:f4:bb:6c:61:
         f9:f3:7d:51:e7:07:c0:35:1d:bc:ad:53:e0:38:c2:5f:76:4e:
         a9:0e:57:b6:fe:28:4a:8d:7c:08:f2:95:33:a9:a7:ad:c1:55:
         41:e5:b7:ac
[root@CENTOS7 test]#

4. CSRに自己署名して証明書作成

openssl x509 -req -in <CSRのファイル名> -passin pass:<秘密鍵のパスフレーズ> -out <証明書のファイル名> -signkey <秘密鍵のファイル名> -days <有効日数> -sha256

実行結果
[root@CENTOS7 test]# openssl x509 -req -in csr.pem -passin pass:keypass -out cert.pem -signkey key.pem -days 366 -sha256
Signature ok
subject=/C=JP/ST=KANAGAWA/L=YOKOHAMA/O=SAMPLE CORP/OU=DEV1/CN=yasushi.local
Getting Private key
[root@CENTOS7 test]# ls -l
合計 12
-rw-r--r-- 1 root root 1224  7月 10 00:59 cert.pem
-rw-r--r-- 1 root root 1017  7月 10 00:32 csr.pem
-rw-r--r-- 1 root root 1766  7月 10 00:30 key.pem
[root@CENTOS7 test]#

5. 証明書の確認

openssl x509 -text -noout -in <証明書のファイル名>

実行結果
[root@CENTOS7 test]# openssl x509 -text -noout -in cert.pem
Certificate:
    Data:
        Version: 1 (0x0)
        Serial Number:
            c6:3a:f2:00:fc:30:10:68
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: C=JP, ST=KANAGAWA, L=YOKOHAMA, O=SAMPLE CORP, OU=DEV1, CN=yasushi.local
        Validity
            Not Before: Jul  9 15:59:44 2021 GMT
            Not After : Jul 10 15:59:44 2022 GMT
        Subject: C=JP, ST=KANAGAWA, L=YOKOHAMA, O=SAMPLE CORP, OU=DEV1, CN=yasushi.local
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                Public-Key: (2048 bit)
                Modulus:
                    00:b1:77:ca:bc:15:78:bc:70:4a:d3:8a:2d:c2:3e:
                    e8:50:74:f1:53:ef:98:9b:ae:19:67:0a:48:83:45:
                    3b:c9:64:93:8a:c2:71:2d:7f:89:64:26:c6:e1:5a:
                    c1:70:58:85:c8:24:23:e9:ff:85:0a:00:54:2e:c6:
                    0b:a7:b1:70:7d:d4:11:80:0f:4e:a4:9b:05:72:fc:
                    d5:89:c3:29:18:a6:36:4a:27:10:45:64:46:e7:cd:
                    00:1e:ee:40:82:43:ff:25:a8:6d:fd:aa:d9:92:47:
                    e1:46:cd:c9:41:96:89:4c:3c:cb:0b:00:46:a9:53:
                    af:9a:b8:d1:93:b9:73:12:cc:f8:78:89:8c:99:92:
                    79:d6:f0:3e:00:08:b1:5e:12:6e:f5:47:01:f7:b3:
                    94:2a:2f:cd:df:bf:3b:10:6c:d0:e2:6e:5d:b2:8a:
                    3d:c5:70:2d:2a:f4:21:ae:cd:e6:a3:cd:d7:25:02:
                    6d:3e:13:2d:49:71:0e:93:1f:03:18:b1:28:e8:0f:
                    98:23:e3:9b:ff:e9:e7:7b:7b:0c:bf:7b:b2:80:4f:
                    d9:f4:e7:d9:c0:fb:46:22:59:31:a9:06:d5:b1:71:
                    45:8f:eb:3c:ea:92:2e:59:1b:71:2b:4b:8e:bc:00:
                    38:64:68:cc:94:72:98:34:26:eb:21:0b:63:90:03:
                    75:65
                Exponent: 65537 (0x10001)
    Signature Algorithm: sha256WithRSAEncryption
         2b:50:10:ec:74:7d:b1:49:17:7c:4c:8c:f5:6e:67:65:f5:8b:
         fc:b1:ff:46:d5:9d:ea:f6:ec:0e:1b:4e:50:d6:77:55:b5:32:
         56:d8:f3:35:81:ef:41:64:55:ae:d9:fe:eb:e6:59:a3:75:20:
         b2:9a:39:85:3e:52:ee:30:fa:dc:06:ea:29:51:b9:58:b2:5d:
         5d:d1:8b:22:1c:f3:2e:22:00:bf:34:6b:5b:84:c6:84:a8:37:
         f8:55:6a:13:92:e3:ab:ee:5f:c2:17:41:9c:17:4d:13:40:ce:
         47:39:9f:56:57:e3:80:c0:66:d2:42:48:ff:68:ff:e7:47:6b:
         4e:67:5a:38:49:c6:86:72:ba:ac:45:95:52:80:8d:a0:b3:ec:
         bd:9e:9b:f6:46:79:9d:e7:2a:20:8b:47:ca:72:d9:b6:5b:e1:
         12:eb:e3:30:01:49:7e:be:fa:be:79:99:98:b2:ba:8b:82:10:
         99:54:bf:a3:0a:08:c5:2f:c2:5e:ca:32:15:9e:ea:4d:68:3c:
         6d:79:6c:bc:9d:a1:3d:4f:75:a9:f1:d4:0c:ba:94:82:05:27:
         d2:19:a0:48:05:67:d3:3c:fd:af:fc:40:54:9f:0a:cc:7f:21:
         b8:f7:88:05:7f:7f:bd:86:24:ec:12:a3:bc:9e:f5:87:8d:70:
         22:44:7f:9a
[root@CENTOS7 test]#

6. 秘密鍵と証明書をPKCS12形式に変換

openssl pkcs12 -export -in <証明書のファイル名> -name <エイリアス> -inkey <秘密鍵のファイル名> -passin pass:<秘密鍵のパスフレーズ> -out <PKCS12キーストアのファイル名> -passout pass:<PKCS12キーストアのパスワード>

※PKCS12ではキーストアファイルのパスワードと秘密鍵のパスワードが同じになります。

実行結果
[root@CENTOS7 test]# openssl pkcs12 -export -in cert.pem -name test -inkey key.pem -passin pass:keypass -out keystore.p12 -passout pass:storepass
[root@CENTOS7 test]# ls -l
合計 16
-rw-r--r-- 1 root root 1224  7月 10 00:59 cert.pem
-rw-r--r-- 1 root root 1017  7月 10 00:32 csr.pem
-rw-r--r-- 1 root root 1766  7月 10 00:30 key.pem
-rw-r--r-- 1 root root 2518  7月 10 01:05 keystore.p12
[root@CENTOS7 test]#

7. OpenSSLでPKCS12キーストアの内容確認

openssl pkcs12 -in <PKCS12キーストアのファイル名> -nodes -passin pass:<PKCS12キーストアのパスワード> | openssl x509 -noout -fingerprint -text

実行結果
[root@CENTOS7 test]# openssl pkcs12 -in keystore.p12 -nodes -passin pass:storepass | openssl x509 -noout -fingerprint -text
MAC verified OK
SHA1 Fingerprint=63:2D:44:40:8B:2D:B4:3C:05:7F:F6:0A:B4:C1:19:40:D6:E9:44:D0
Certificate:
    Data:
        Version: 1 (0x0)
        Serial Number:
            c6:3a:f2:00:fc:30:10:68
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: C=JP, ST=KANAGAWA, L=YOKOHAMA, O=SAMPLE CORP, OU=DEV1, CN=yasushi.local
        Validity
            Not Before: Jul  9 15:59:44 2021 GMT
            Not After : Jul 10 15:59:44 2022 GMT
        Subject: C=JP, ST=KANAGAWA, L=YOKOHAMA, O=SAMPLE CORP, OU=DEV1, CN=yasushi.local
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                Public-Key: (2048 bit)
                Modulus:
                    00:b1:77:ca:bc:15:78:bc:70:4a:d3:8a:2d:c2:3e:
                    e8:50:74:f1:53:ef:98:9b:ae:19:67:0a:48:83:45:
                    3b:c9:64:93:8a:c2:71:2d:7f:89:64:26:c6:e1:5a:
                    c1:70:58:85:c8:24:23:e9:ff:85:0a:00:54:2e:c6:
                    0b:a7:b1:70:7d:d4:11:80:0f:4e:a4:9b:05:72:fc:
                    d5:89:c3:29:18:a6:36:4a:27:10:45:64:46:e7:cd:
                    00:1e:ee:40:82:43:ff:25:a8:6d:fd:aa:d9:92:47:
                    e1:46:cd:c9:41:96:89:4c:3c:cb:0b:00:46:a9:53:
                    af:9a:b8:d1:93:b9:73:12:cc:f8:78:89:8c:99:92:
                    79:d6:f0:3e:00:08:b1:5e:12:6e:f5:47:01:f7:b3:
                    94:2a:2f:cd:df:bf:3b:10:6c:d0:e2:6e:5d:b2:8a:
                    3d:c5:70:2d:2a:f4:21:ae:cd:e6:a3:cd:d7:25:02:
                    6d:3e:13:2d:49:71:0e:93:1f:03:18:b1:28:e8:0f:
                    98:23:e3:9b:ff:e9:e7:7b:7b:0c:bf:7b:b2:80:4f:
                    d9:f4:e7:d9:c0:fb:46:22:59:31:a9:06:d5:b1:71:
                    45:8f:eb:3c:ea:92:2e:59:1b:71:2b:4b:8e:bc:00:
                    38:64:68:cc:94:72:98:34:26:eb:21:0b:63:90:03:
                    75:65
                Exponent: 65537 (0x10001)
    Signature Algorithm: sha256WithRSAEncryption
         2b:50:10:ec:74:7d:b1:49:17:7c:4c:8c:f5:6e:67:65:f5:8b:
         fc:b1:ff:46:d5:9d:ea:f6:ec:0e:1b:4e:50:d6:77:55:b5:32:
         56:d8:f3:35:81:ef:41:64:55:ae:d9:fe:eb:e6:59:a3:75:20:
         b2:9a:39:85:3e:52:ee:30:fa:dc:06:ea:29:51:b9:58:b2:5d:
         5d:d1:8b:22:1c:f3:2e:22:00:bf:34:6b:5b:84:c6:84:a8:37:
         f8:55:6a:13:92:e3:ab:ee:5f:c2:17:41:9c:17:4d:13:40:ce:
         47:39:9f:56:57:e3:80:c0:66:d2:42:48:ff:68:ff:e7:47:6b:
         4e:67:5a:38:49:c6:86:72:ba:ac:45:95:52:80:8d:a0:b3:ec:
         bd:9e:9b:f6:46:79:9d:e7:2a:20:8b:47:ca:72:d9:b6:5b:e1:
         12:eb:e3:30:01:49:7e:be:fa:be:79:99:98:b2:ba:8b:82:10:
         99:54:bf:a3:0a:08:c5:2f:c2:5e:ca:32:15:9e:ea:4d:68:3c:
         6d:79:6c:bc:9d:a1:3d:4f:75:a9:f1:d4:0c:ba:94:82:05:27:
         d2:19:a0:48:05:67:d3:3c:fd:af:fc:40:54:9f:0a:cc:7f:21:
         b8:f7:88:05:7f:7f:bd:86:24:ec:12:a3:bc:9e:f5:87:8d:70:
         22:44:7f:9a
[root@CENTOS7 test]#

8. keytoolでPKCS12キーストアの内容確認

keytool -list -v -keystore <PKCS12キーストアのファイル名> -storetype PKCS12 -storepass <PKCS12キーストアのパスワード>

実行結果
[root@CENTOS7 test]# keytool -list -v -keystore keystore.p12 -storetype PKCS12 -storepass storepass
キーストアのタイプ: PKCS12
キーストア・プロバイダ: SUN

キーストアには1エントリが含まれます

別名: test
作成日: 2021/07/10
エントリ・タイプ: PrivateKeyEntry
証明書チェーンの長さ: 1
証明書[1]:
所有者: CN=yasushi.local, OU=DEV1, O=SAMPLE CORP, L=YOKOHAMA, ST=KANAGAWA, C=JP
発行者: CN=yasushi.local, OU=DEV1, O=SAMPLE CORP, L=YOKOHAMA, ST=KANAGAWA, C=JP
シリアル番号: c63af200fc301068
有効期間の開始日: Sat Jul 10 00:59:44 JST 2021終了日: Mon Jul 11 00:59:44 JST 2022
証明書のフィンガプリント:
         SHA1: 63:2D:44:40:8B:2D:B4:3C:05:7F:F6:0A:B4:C1:19:40:D6:E9:44:D0
         SHA256: B2:4F:21:E7:6B:96:42:EE:F2:9B:55:3D:83:A3:8D:2B:F3:1A:69:B1:94:30:2B:D3:23:E3:08:FF:43:93:C2:E8
署名アルゴリズム名: SHA256withRSA
サブジェクト公開キー・アルゴリズム: 2048ビットRSAキー
バージョン: 1


*******************************************
*******************************************


[root@CENTOS7 test]#

9. PKCS12キーストアをJKSキーストアに変換

keytool -importkeystore -srckeystore <PKCS12キーストアのファイル名> -srcstoretype PKCS12 -srcstorepass <PKCS12キーストアのパスワード> -destkeystore <JKSキーストアのファイル名> -deststoretype JKS -deststorepass <JKSキーストアのパスワード> -destkeypass <秘密鍵のパスワード>

実行結果
[root@CENTOS7 test]# keytool -importkeystore -srckeystore keystore.p12 -srcstoretype PKCS12 -srcstorepass storepass -destkeystore keystore.jks -deststoretype JKS -deststorepass storepass1 -destkeypass keypass1
キーストアkeystore.p12をkeystore.jksにインポートしています...
別名testのエントリのインポートに成功しました。
インポート・コマンドが完了しました: 1件のエントリのインポートが成功しました。0件のエントリのインポートが失敗したか取り消されました

Warning:
JKSキーストアは独自の形式を使用しています。"keytool -importkeystore -srckeystore keystore.jks -destkeystore keystore.jks -deststoretype pkcs12"を使用する業界標 準の形式であるPKCS12に移行することをお薦めします。
[root@CENTOS7 test]# ls -l
合計 20
-rw-r--r-- 1 root root 1224  7月 10 00:59 cert.pem
-rw-r--r-- 1 root root 1017  7月 10 00:32 csr.pem
-rw-r--r-- 1 root root 1766  7月 10 00:30 key.pem
-rw-r--r-- 1 root root 2213  7月 10 01:16 keystore.jks
-rw-r--r-- 1 root root 2518  7月 10 01:05 keystore.p12
[root@CENTOS7 test]#

10. JKSキーストアの内容確認

keytool -list -v -keystore client-<JKSキーストアのファイル名> -storetype JKS -storepass <JKSキーストアのパスワード>

実行結果
[root@CENTOS7 test]# keytool -list -v -keystore keystore.jks -storetype JKS -storepass storepass1
キーストアのタイプ: JKS
キーストア・プロバイダ: SUN

キーストアには1エントリが含まれます

別名: test
作成日: 2021/07/10
エントリ・タイプ: PrivateKeyEntry
証明書チェーンの長さ: 1
証明書[1]:
所有者: CN=yasushi.local, OU=DEV1, O=SAMPLE CORP, L=YOKOHAMA, ST=KANAGAWA, C=JP
発行者: CN=yasushi.local, OU=DEV1, O=SAMPLE CORP, L=YOKOHAMA, ST=KANAGAWA, C=JP
シリアル番号: c63af200fc301068
有効期間の開始日: Sat Jul 10 00:59:44 JST 2021終了日: Mon Jul 11 00:59:44 JST 2022
証明書のフィンガプリント:
         SHA1: 63:2D:44:40:8B:2D:B4:3C:05:7F:F6:0A:B4:C1:19:40:D6:E9:44:D0
         SHA256: B2:4F:21:E7:6B:96:42:EE:F2:9B:55:3D:83:A3:8D:2B:F3:1A:69:B1:94:30:2B:D3:23:E3:08:FF:43:93:C2:E8
署名アルゴリズム名: SHA256withRSA
サブジェクト公開キー・アルゴリズム: 2048ビットRSAキー
バージョン: 1


*******************************************
*******************************************



Warning:
JKSキーストアは独自の形式を使用しています。"keytool -importkeystore -srckeystore keystore.jks -destkeystore keystore.jks -deststoretype pkcs12"を使用する業界標 準の形式であるPKCS12に移行することをお薦めします。
[root@CENTOS7 test]#

キーストア(JKS)からPEM形式の証明書、秘密鍵に変換する方法については、次の記事「Javaのkeytoolのキーストア(JKS)からPEM形式の証明書、秘密鍵に変換する方法」を参照してください。

以上

4
4
0

Register as a new user and use Qiita more conveniently

  1. You get articles that match your needs
  2. You can efficiently read back useful information
  3. You can use dark theme
What you can do with signing up
4
4

Delete article

Deleted articles cannot be recovered.

Draft of this article would be also deleted.

Are you sure you want to delete this article?