mTLS


Reading time: less than 1 minute

If you are given an mTLS client certificate in the JKS (Java key store) format, you can use the following commands to turn it into a regular PEM file to use with OpenSSL and other tools.

keytool -importkeystore -srckeystore keystore.jks -destkeystore output.p12 -srcstoretype JKS -deststoretype PKCS12 -srcstorepass pass1234

openssl pkcs12 -in output.p12 -out output.pem -nodes

The keytool utility will ask you to pick a password for the P12 key store as well. And the openssl command will ask you to enter the same password back. After this, output.pem will not require a password to use.

If the tool you are using needs the certificate and the private key to be in separate files, you can split the PEM file into key and certificate files using these commands.

openssl pkey -in output.pem -out private.key

openssl x509 -in output.pem -out certificate.crt

The following pages link here

Citation

If you find this work useful, please cite it as:
@article{yaltirakli,
  title   = "mTLS",
  author  = "Yaltirakli, Gokberk",
  journal = "gkbrk.com",
  year    = "2024",
  url     = "https://www.gkbrk.com/mtls"
}
Not using BibTeX? Click here for more citation styles.
IEEE Citation
Gokberk Yaltirakli, "mTLS", November, 2024. [Online]. Available: https://www.gkbrk.com/mtls. [Accessed Nov. 12, 2024].
APA Style
Yaltirakli, G. (2024, November 12). mTLS. https://www.gkbrk.com/mtls
Bluebook Style
Gokberk Yaltirakli, mTLS, GKBRK.COM (Nov. 12, 2024), https://www.gkbrk.com/mtls

Comments

© 2024 Gokberk Yaltirakli