Curl doesn't have support for java keystore file, so therefor the file should be converted to a PEM format. It consists of the following multiple steps:
- Convert keystore to p12 file
- Convert p12 file to pem file
- Run curl command with pem files
keytool -importkeystore -srckeystore truststore.jks -destkeystore truststore.p12 -srcstoretype JKS -deststoretype PKCS12
openssl pkcs12 -in truststore.p12 -out trusted-certs.pem
curl secret --cacert trusted-certs.pem https://localhost:8443/api/hello
keytool -importkeystore -srckeystore identity.jks -destkeystore identity.p12 -srcstoretype JKS -deststoretype PKCS12
openssl pkcs12 -in identity.p12 -nokeys -out client-cert.pem
openssl pkcs12 -in identity.p12 -nocerts -out client-key.pem
curl --key client-key.pem --cert client-cert.pem --cacert trusted-certs.pem https://localhost:8443/api/hello
Have paswordless private key pem file with -nodes
options, see example below
openssl pkcs12 -in identity.p12 -nocerts -nodes -out client-key.pem
Inline password instead of prompting with -password pass:secret
options, see example below
openssl pkcs12 -in identity.jks -nocerts -password pass:secret -out client-key.pem -nodes
use
-password pass:MyKeyStorePAss
to pass PW via cmd.