@Hakky54
Last active April 29, 2024 19:12
Curl with Java KeyStore

Curl does not support Java keystore (JKS) files, so the keystore has to be converted to PEM format first. The conversion takes the following steps:

  1. Convert keystore to p12 file
  2. Convert p12 file to pem file
  3. Run curl command with pem files

One way TLS/SSL/Authentication

Convert keystore to p12 file

keytool -importkeystore -srckeystore truststore.jks -destkeystore truststore.p12 -srcstoretype JKS -deststoretype PKCS12

Convert p12 file to pem file

openssl pkcs12 -in truststore.p12 -out trusted-certs.pem

Run curl command with pem files

Example curl request that loads the trusted certificates:

curl --cacert trusted-certs.pem https://localhost:8443/api/hello

Two way TLS/SSL/Authentication also known as Mutual Authentication

Convert keystore to p12 file

keytool -importkeystore -srckeystore identity.jks -destkeystore identity.p12 -srcstoretype JKS -deststoretype PKCS12

Convert p12 file to pem file

openssl pkcs12 -in identity.p12 -nokeys -out client-cert.pem
openssl pkcs12 -in identity.p12 -nocerts -out client-key.pem

Run curl command with pem files

curl --key client-key.pem --cert client-cert.pem --cacert trusted-certs.pem https://localhost:8443/api/hello

Additional options

To get a passwordless (unencrypted) private key PEM file, add the -nodes option:

openssl pkcs12 -in identity.p12 -nocerts -nodes -out client-key.pem

To pass the password inline instead of being prompted, add the -password pass:secret option:

openssl pkcs12 -in identity.p12 -nocerts -password pass:secret -out client-key.pem -nodes
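
An added example (not part of the original gist) that runs the two-way conversion with the options above in one script: it reads the keystore password from an environment variable rather than `pass:`, so the password stays out of the process list, and it checks that the extracted certificate and key form a pair before they go to curl. The function names, the `P12_PASS` variable and the throwaway keystore built by `make_demo_p12` are assumptions made for the illustration.

```shell
#!/bin/sh
# Added example: split a PKCS12 identity into PEM files for curl and verify
# that certificate and key belong together. Names here are illustrative.
set -eu

# Build a throwaway identity.p12 in directory $1 (constructed sample input,
# standing in for the keytool -importkeystore output described above).
make_demo_p12() {
  openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=localhost" \
    -keyout "$1/demo-key.pem" -out "$1/demo-cert.pem" 2>/dev/null
  openssl pkcs12 -export -name client -passout env:P12_PASS \
    -inkey "$1/demo-key.pem" -in "$1/demo-cert.pem" -out "$1/identity.p12"
}

# Extract client-cert.pem and client-key.pem from keystore $1 into dir $2.
# The password comes from $P12_PASS (env:), so it never appears in argv.
split_identity() {
  openssl pkcs12 -in "$1" -passin env:P12_PASS -nokeys -clcerts \
    -out "$2/client-cert.pem"
  # -nodes leaves the key unencrypted, so create it owner-readable only.
  ( umask 077
    openssl pkcs12 -in "$1" -passin env:P12_PASS -nocerts -nodes \
      -out "$2/client-key.pem" )
}

# Succeeds only if the public key in certificate $1 equals the one derived
# from private key $2.
pair_matches() {
  cert_pub=$(openssl x509 -in "$1" -noout -pubkey)
  key_pub=$(openssl pkey -in "$2" -pubout)
  [ "$cert_pub" = "$key_pub" ]
}

# Demo run: sh script.sh demo
if [ "${1:-}" = demo ]; then
  dir=$(mktemp -d)
  export P12_PASS=secret   # constructed password for the throwaway keystore
  make_demo_p12 "$dir"
  split_identity "$dir/identity.p12" "$dir"
  pair_matches "$dir/client-cert.pem" "$dir/client-key.pem" && echo "pair OK"
  # Then, as on this page:
  # curl --key client-key.pem --cert client-cert.pem --cacert trusted-certs.pem https://localhost:8443/api/hello
  rm -rf "$dir"
fi
```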

TiloGit commented Feb 10, 2023

use -password pass:MyKeyStorePAss to pass PW via cmd.


TiloGit commented Feb 10, 2023

use -nodes (noDES) for -nocerts cmd to not require PEM password.

Author

Hakky54 commented Feb 22, 2023

Hi @TiloGit these are nice additions, I have included them in the gist. Thank you!