Use script here: Tomcat is converted into a JKS Nginx PEM format.
#!/bin/bash export JKS=$1 export PASS=$2 NAME=$(basename "$JKS") TODIR="$PWD/$NAME-pem" mkdir -p "$TODIR" set -x keytool -importkeystore -srcstoretype jks -deststoretype pkcs12 -srcstorepass:env PASS -deststorepass:env PASS -srckeystore "$JKS" -destkeystore "$TODIR/pkcs12.p12" openssl pkcs12 -nocerts -nodes -passin env:PASS -in "$TODIR/pkcs12.p12" -out "$TODIR/server.key" openssl pkcs12 -nokeys -clcerts -passin env:PASS -in "$TODIR/pkcs12.p12" -out "$TODIR/server.crt" openssl pkcs12 -nokeys -cacerts -passin env:PASS -in "$TODIR/pkcs12.p12" -out "$TODIR/ca.crt"
Example of use:
./jsk_2_pem.sh <JSK_STORE_FILE> <JSK_STORE_PASSWORD>
reference