Curl with Java KeyStore
Curl does not support Java KeyStore (JKS) files, so the keystore must first be converted to PEM format. The conversion consists of the following steps:
- Convert keystore to p12 file
- Convert p12 file to pem file
- Run curl command with pem files
One way TLS/SSL/Authentication
Convert keystore to p12 file
keytool -importkeystore -srckeystore truststore.jks -destkeystore truststore.p12 -srcstoretype JKS -deststoretype PKCS12
Convert p12 file to pem file
openssl pkcs12 -in truststore.p12 -out trusted-certs.pem
Run curl command with pem files
Example curl request with loading trusted certificates:
curl --cacert trusted-certs.pem https://localhost:8443/api/hello
Two way TLS/SSL/Authentication also known as Mutual Authentication
Convert keystore to p12 file
keytool -importkeystore -srckeystore identity.jks -destkeystore identity.p12 -srcstoretype JKS -deststoretype PKCS12
Convert p12 file to pem file
openssl pkcs12 -in identity.p12 -nokeys -out client-cert.pem
openssl pkcs12 -in identity.p12 -nocerts -out client-key.pem
Run curl command with pem files
curl --key client-key.pem --cert client-cert.pem --cacert trusted-certs.pem https://localhost:8443/api/hello
Additional options
Write a passwordless (unencrypted) private key PEM file with the -nodes option; see the example below:
openssl pkcs12 -in identity.p12 -nocerts -nodes -out client-key.pem
Supply the password inline instead of being prompted with the -password pass:secret option; see the example below:
openssl pkcs12 -in identity.p12 -nocerts -password pass:secret -out client-key.pem -nodes
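The two-way TLS conversion above as one script, added here as an example and not part of the original page: it reads the store password from an environment variable rather than the command line, creates the unencrypted key file owner-only, and checks that the extracted key matches the certificate. The variable name STORE_PASS, the function names and the script name jks2pem.sh are assumptions.

```shell
#!/bin/sh
# Added example: JKS -> PKCS#12 -> PEM for curl, with the store password
# taken from the environment instead of the command line.
# Assumptions: STORE_PASS (env var name) and every file name below.
set -eu

# Step 1 (needs a JDK): JKS -> PKCS#12; keytool reads $STORE_PASS itself.
jks_to_p12() {  # usage: jks_to_p12 identity.jks identity.p12
  keytool -importkeystore -noprompt \
    -srckeystore "$1" -srcstoretype JKS -srcstorepass:env STORE_PASS \
    -destkeystore "$2" -deststoretype PKCS12 -deststorepass:env STORE_PASS
}

# Step 2: PKCS#12 -> client-cert.pem and client-key.pem in directory $2.
p12_to_pem() {  # usage: p12_to_pem identity.p12 outdir
  (
    umask 077  # -nodes writes the key unencrypted: owner-only from creation
    openssl pkcs12 -in "$1" -nokeys -passin env:STORE_PASS \
      -out "$2/client-cert.pem"
    openssl pkcs12 -in "$1" -nocerts -nodes -passin env:STORE_PASS \
      -out "$2/client-key.pem"
  )
}

# Step 3: check that the key belongs to the certificate before using both.
cert_matches_key() {  # usage: cert_matches_key cert.pem key.pem
  cert_pub=$(openssl x509 -in "$1" -noout -pubkey) || return 1
  key_pub=$(openssl pkey -in "$2" -pubout) || return 1
  [ "$cert_pub" = "$key_pub" ]
}

# Run with STORE_PASS exported: sh jks2pem.sh identity.jks outdir
if [ "$#" -eq 2 ]; then
  jks_to_p12 "$1" "$2/identity.p12"
  p12_to_pem "$2/identity.p12" "$2"
  cert_matches_key "$2/client-cert.pem" "$2/client-key.pem"
  echo "curl --key $2/client-key.pem --cert $2/client-cert.pem" \
       "--cacert trusted-certs.pem https://localhost:8443/api/hello"
fi
```

A password given as pass:secret is visible in the process list and shell history, which is why the script uses the env: source that both keytool and openssl accept.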
Use -password pass:MyKeyStorePAss to pass PW via cmd.