Skip to content

Instantly share code, notes, and snippets.

@Hakky54
Last active August 26, 2024 13:14
Show Gist options
  • Save Hakky54/049299f0874fd4b870257c6458e0dcbd to your computer and use it in GitHub Desktop.
Save Hakky54/049299f0874fd4b870257c6458e0dcbd to your computer and use it in GitHub Desktop.
Curl with Java KeyStore

Curl with Java KeyStore

Curl doesn't have support for java keystore file, so therefor the file should be converted to a PEM format. It consists of the following multiple steps:

  1. Convert keystore to p12 file
  2. Convert p12 file to pem file
  3. Run curl command with pem files

One way TLS/SSL/Authentication

Convert keystore to p12 file

keytool -importkeystore -srckeystore truststore.jks -destkeystore truststore.p12 -srcstoretype JKS -deststoretype PKCS12

Convert p12 file to pem file

openssl pkcs12 -in truststore.p12 -out trusted-certs.pem

Run curl command with pem files

Example curl request with loading trusted certificates:

curl secret --cacert trusted-certs.pem https://localhost:8443/api/hello

Two way TLS/SSL/Authentication also known as Mutual Authentication

Convert keystore to p12 file

keytool -importkeystore -srckeystore identity.jks -destkeystore identity.p12 -srcstoretype JKS -deststoretype PKCS12

Convert p12 file to pem file

openssl pkcs12 -in identity.p12 -nokeys -out client-cert.pem
openssl pkcs12 -in identity.p12 -nocerts -out client-key.pem

Run curl command with pem files

curl --key client-key.pem --cert client-cert.pem --cacert trusted-certs.pem https://localhost:8443/api/hello

Additional options

Have paswordless private key pem file with -nodes options, see example below

openssl pkcs12 -in identity.p12 -nocerts -nodes -out client-key.pem

Inline password instead of prompting with -password pass:secret options, see example below

openssl pkcs12 -in identity.jks -nocerts -password pass:secret -out client-key.pem -nodes
@TiloGit
Copy link

TiloGit commented Feb 10, 2023

use -password pass:MyKeyStorePAss to pass PW via cmd.

@TiloGit
Copy link

TiloGit commented Feb 10, 2023

use -nodes (noDES) for -nocerts cmd to not require PEM password.

@Hakky54
Copy link
Author

Hakky54 commented Feb 22, 2023

Hi @TiloGit these are nice additionas, I have included them to the gist. Thank you!

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment