Certificate export
To exchange certificates with other systems it is necessary to export the certificates. There are several formats which can be used for this purpose:
- PEM (“Privacy Enhanced Mail”) is a Base64-encoded representation of the certificate.
  keytool -exportcert -v -rfc -alias wskey \
    -keystore ws.jks -file ws.pem
  This call exports the certificate stored under the alias “wskey” in the keystore “ws.jks” in PEM format to the file “ws.pem”. After the command is entered, keytool prompts for the keystore password.
- DER (“Distinguished Encoding Rules”) is a space-saving binary encoding format for ASN.1-based data, such as certificates.
  keytool -exportcert -v -alias wskey \
    -keystore ws.jks -file ws.der
  This call exports the certificate stored under the alias “wskey” in the keystore “ws.jks” in DER format to the file “ws.der”. After the command is entered, keytool prompts for the keystore password.
The section above illustrates both possibilities since not all applications that process certificates support both formats (PEM and DER).
The above commands export the certificate, including the public key. The private key is not exported. To export the private key (e.g. to provide it to a client), an export in JKS, IAIK, or PKCS12 format must be carried out.
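A system that receives either export can normalize it to DER, refuse files that carry key material, and confirm that “ws.pem” and “ws.der” are the same certificate by comparing fingerprints. The Python sketch below is an added example, not part of the original documentation; the function names and the sample bytes are constructed for illustration.

```python
import base64
import hashlib
import re
import ssl

# Matches one certificate block as written by "keytool -exportcert -rfc".
_CERT_BLOCK = re.compile(
    r"-----BEGIN CERTIFICATE-----(.+?)-----END CERTIFICATE-----", re.S)

def to_der(data: bytes) -> bytes:
    """Normalize a PEM or DER certificate export to its DER bytes."""
    if data.lstrip().startswith(b"-----BEGIN"):
        text = data.decode("ascii")
        # A certificate export must never carry key material.
        if "PRIVATE KEY-----" in text:
            raise ValueError("file contains a private key")
        match = _CERT_BLOCK.search(text)
        if match is None:
            raise ValueError("no CERTIFICATE block found")
        # PEM is Base64 of the DER encoding; line breaks are ignored.
        return base64.b64decode(match.group(1))
    if data[:1] == b"\x30":  # ASN.1 SEQUENCE tag opens every DER certificate
        return data
    raise ValueError("neither PEM nor DER")

def fingerprint(data: bytes) -> str:
    """SHA-256 over the DER bytes, independent of the export format."""
    return hashlib.sha256(to_der(data)).hexdigest()

def same_certificate(export_a: bytes, export_b: bytes) -> bool:
    """True when both exports decode to identical DER bytes."""
    return fingerprint(export_a) == fingerprint(export_b)

# Constructed stand-in for ws.der: a well-formed outer SEQUENCE, not a real
# certificate. Replace with open("ws.der", "rb").read() for a real export.
SAMPLE_DER = b"\x30\x82\x01\x00" + bytes(range(256))
SAMPLE_PEM = ssl.DER_cert_to_PEM_cert(SAMPLE_DER).encode("ascii")

if __name__ == "__main__":
    print("PEM lines:", len(SAMPLE_PEM.splitlines()))
    print("fingerprint:", fingerprint(SAMPLE_PEM))
    print("same certificate:", same_certificate(SAMPLE_PEM, SAMPLE_DER))
```

The fingerprint is taken over the DER bytes, so it can be compared with a fingerprint the sender communicates separately, whichever of the two files was transferred.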