Converting a Java Keystore (JKS) to PEM Format
This topic describes how to convert a Java KeyStore (JKS) format certificates to the PEM-format.
1. Locate the application
Log in to the Client Panel and locate your target deployment on the Home page or the My Applications page.
2. Navigate to the "Overview" page
You can go to the Overview page by clicking the "Manage" button on the Home page or the My Applications page.
3. Download JKS-format certificates
Go to the Connection Information section on the "Overview" page, you will see the kafka.keystore.jks file and kafka.truststore.jks file. Download them to your local machine.
4. Convert JKS certificates to .p12 format
Familiarize yourself with the Java keytool
command-line tool to first convert the certificate to .p12.
Convert truststore by
keytool -importkeystore -srckeystore kafka.truststore.jks -destkeystore truststore.p12 -deststoretype PKCS12 -srcstorepass HIgBRwOA -deststorepass HIgBRwOA
Convert keystore by
keytool -importkeystore -srckeystore kafka.keystore.jks -destkeystore keystore.p12 -deststoretype PKCS12 -srcstorepass HIgBRwOA -deststorepass HIgBRwOA
5. Convert .p12 format file to PEM Format
Use openssl
to convert the certificate to .pem files.
Convert truststore by
openssl pkcs12 -nodes -in truststore.p12 -out truststore.pem -passin pass:HIgBRwOA
Convert keystore by
openssl pkcs12 -nodes -in keystore.p12 -out keystore.pem -passin pass:HIgBRwOA
6. Get your private key and certificate
Copy the content that contains BEGIN CERTIFICATE and END CERTIFICATE in the truststore.pem to the cacert.pem file.
In your keystore.pem file, you can find the part that the friendlyName is localhost. Copy the content that contains BEGIN CERTIFICATE and END CERTIFICATE to the key.pem file and cert.pem file.
That it. You've successfully convert a JKS certificate to the PEM format.