Skip to content

Instantly share code, notes, and snippets.

@vepo
Forked from Hakky54/curl-with-java-keystore.md
Last active March 13, 2024 08:52
Show Gist options
  • Save vepo/a4c7b0578068ade2e7cc193764f28630 to your computer and use it in GitHub Desktop.
Save vepo/a4c7b0578068ade2e7cc193764f28630 to your computer and use it in GitHub Desktop.
Curl with Java KeyStore

cURL with Java Keystore/Truststore

Curl doesn't have support for java keystore file, so therefor the file should be converted to a PEM format. It consists of the following multiple steps:

  1. Convert keystore to p12 file
  2. Convert p12 file to pem file
  3. Run curl command with pem files

Convert keystore to p12 file

keytool -importkeystore -srckeystore truststore.jks \
                        -destkeystore truststore.p12 \
                        -srcstoretype JKS \
                        -deststoretype PKCS12 \
                        -deststorepass password \
                        -srcstorepass password \
                        -noprompt

Convert p12 file to pem file

openssl pkcs12 -in truststore.p12 -passin pass:password -out truststore.pem

Run curl command with pem files

Example curl request with loading trusted certificates:

curl secret --cacert truststore.pem https://localhost:8443/api/hello

Example curl request for mutual authentication, loading trusted certificates and loading private and public key of the client:

Repeat step 1 (if applicable) choosing the correct alias and step 2 for the identity.jks, but with different options, which contains the keypair.

keytool -importkeystore -srckeystore keystore.jks \
                        -destkeystore client.pfx -deststoretype PKCS12 \
                        -srcalias mykey \
                        -deststorepass password \
                        -destkeypass password \
                        -srcstorepass password \
                        -noprompt
openssl pkcs12 -in client.pfx -passin pass:password -out client.p12 -nodes

Then call cURL

curl --cert identity.pem --cacert truststore.pem https://localhost:8443/api/hello
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment