Background: Java applications commonly use a keystore to hold SSL certificates and keys, while other environments often use the PEM format.
Procedure (in a Linux environment):
Server:
1. Generate the keystore. Note that the CN value must be the domain name of the service to be published, not an IP address.
keytool -genkey -alias server -dname "CN=www.test.com" -keyalg RSA -keystore server.store -storepass 123456 -keypass 123456
2. Convert the generated keystore to PKCS12
keytool -importkeystore -srckeystore server.store -destkeystore server.store.p12 -srcstoretype JKS -deststoretype PKCS12
3. Extract the private key in PEM format from the PKCS12 keystore
openssl pkcs12 -nocerts -nodes -in server.store.p12 -out server-private-key.pem
4. Export the public key certificate from the keystore
keytool -export -alias server -file server-pub.cer -keystore server.store -storepass 123456
5. Convert the certificate from CER format to PEM format
openssl x509 -in server-pub.cer -inform DER -out server-pub.pem -outform PEM
6. Convert the private key from the ordinary PEM format to the RSA PEM format
openssl rsa -in server-private-key.pem -out server-private-key-new.pem
RSA format PEM:
-----BEGIN RSA PRIVATE KEY-----
lsjflsfjdlskd
sdfksjldfjs
....
....
ksjdflskd
-----END RSA PRIVATE KEY-----
Normal format PEM:
-----BEGIN PRIVATE KEY-----
ksldfjs
ksdjflsdf
...
....
sfjlskjdfljf
ksdfjlsdkf
-----END PRIVATE KEY-----
Client: generate the client files the same way as for the server.
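A check for the files produced in steps 3, 5 and 6, added here as an example and not part of the original page: it reports which PEM header a file carries (with OpenSSL 3.x, `openssl rsa` writes `BEGIN PRIVATE KEY` unless `-traditional` is given), counts the "Bag Attributes" lines that `openssl pkcs12` puts before the key, and flags an unencrypted key (step 3 uses `-nodes`) that group or others can access. The function names are hypothetical and the sample file contents are constructed placeholders, not real key material.

```shell
# Added example; function names are hypothetical, sample files are constructed.

# pem_kind FILE: classify the first PEM block by its BEGIN line.
pem_kind() {
    case "$(sed -n '/^-----BEGIN /{p;q;}' "$1" | tr -d '\r')" in
        '-----BEGIN RSA PRIVATE KEY-----')       echo pkcs1-rsa ;;   # "RSA format PEM"
        '-----BEGIN PRIVATE KEY-----')           echo pkcs8 ;;       # "normal format PEM"
        '-----BEGIN ENCRYPTED PRIVATE KEY-----') echo pkcs8-encrypted ;;
        '-----BEGIN CERTIFICATE-----')           echo certificate ;;
        '')                                      echo not-pem ;;
        *)                                       echo other ;;
    esac
}

# pem_preamble FILE: lines before the first BEGIN line (pkcs12 "Bag Attributes" text).
pem_preamble() {
    awk '/^-----BEGIN /{exit} {n++} END{print n+0}' "$1"
}

# pem_exposed FILE: succeed if group or others hold any permission bit.
pem_exposed() {
    [ "$(ls -ld "$1" | cut -c5-10)" != "------" ]
}

# audit_pem FILE: print a summary; fail if an unencrypted key is exposed.
audit_pem() {
    kind=$(pem_kind "$1")
    echo "$1: kind=$kind preamble_lines=$(pem_preamble "$1")"
    case "$kind" in pkcs1-rsa|pkcs8) ;; *) return 0 ;; esac
    pem_exposed "$1" || return 0
    echo "$1: unencrypted private key readable beyond owner" >&2
    return 1
}

# write_samples DIR: constructed stand-ins for the outputs of steps 3, 5 and 6.
write_samples() {
    printf '%s\n' 'Bag Attributes' '    friendlyName: server' \
        '-----BEGIN PRIVATE KEY-----' 'Q09OU1RSVUNURUQ=' \
        '-----END PRIVATE KEY-----' > "$1/server-private-key.pem"
    printf '%s\n' '-----BEGIN RSA PRIVATE KEY-----' 'Q09OU1RSVUNURUQ=' \
        '-----END RSA PRIVATE KEY-----' > "$1/server-private-key-new.pem"
    printf '%s\n' '-----BEGIN CERTIFICATE-----' 'Q09OU1RSVUNURUQ=' \
        '-----END CERTIFICATE-----' > "$1/server-pub.pem"
    chmod 644 "$1/server-private-key.pem" "$1/server-pub.pem"
    chmod 600 "$1/server-private-key-new.pem"
}

demo=$(mktemp -d) && write_samples "$demo"
for f in "$demo"/*.pem; do audit_pem "$f" || true; done
rm -rf "$demo"
```

To check real output, call `audit_pem` on server-private-key.pem, server-private-key-new.pem and server-pub.pem after running the steps above.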