wgzhao · December 12, 2018 00:28
diff --git a/extract_from_jks.sh b/extract_from_jks.sh
 JKS=mykeystore
 JKS_PASS=changeit
 JKS_ALIAS=tomcat
 OUTPASS=$(cat /dev/urandom |env LC_CTYPE=C tr -dc 'a-zA-Z0-9' | fold -w 8 |head -n1)
 PK12_KEY=mykeystore.pk12
 PEM=server.pem
 KEY=server.key

 keytool -importkeystore -srckeystore $JKS -destkeystore $PK12_KEY -srcstoretype JKS -deststoretype PKCS12 -srcstorepass $JKS_PASS -deststorepass $OUTPASS -srcalias $JKS_ALIAS -destalias $JKS_ALIAS -srckeypass $JKS_PASS -destkeypass $OUTPASS -noprompt

 #generate password-less pem file
 openssl pkcs12 -in $PK12_KEY -passin pass:$OUTPASS  -passout pass:$OUTPASS |openssl rsa -passin pass:$OUTPASS -pubout -out $PEM
 #generate password-less private-key file
 openssl pkcs12 -in $PK12_KEY   -passin pass:$OUTPASS -passout pass:$OUTPASS |openssl rsa  -passin pass:$OUTPASS -out $KEY
	JKS=mykeystore
	JKS_PASS=changeit
	JKS_ALIAS=tomcat
	OUTPASS=$(cat /dev/urandom \|env LC_CTYPE=C tr -dc 'a-zA-Z0-9' \| fold -w 8 \|head -n1)
	PK12_KEY=mykeystore.pk12
	PEM=server.pem
	KEY=server.key

	keytool -importkeystore -srckeystore $JKS -destkeystore $PK12_KEY -srcstoretype JKS -deststoretype PKCS12 -srcstorepass $JKS_PASS -deststorepass $OUTPASS -srcalias $JKS_ALIAS -destalias $JKS_ALIAS -srckeypass $JKS_PASS -destkeypass $OUTPASS -noprompt

	#generate password-less pem file
	openssl pkcs12 -in $PK12_KEY -passin pass:$OUTPASS -passout pass:$OUTPASS \|openssl rsa -passin pass:$OUTPASS -pubout -out $PEM
	#generate password-less private-key file
	openssl pkcs12 -in $PK12_KEY -passin pass:$OUTPASS -passout pass:$OUTPASS \|openssl rsa -passin pass:$OUTPASS -out $KEY