How To
Summary
If there is a need to extract the private key stored in the keystore used by IBM Resilient's web server this document details how to extract the private key.
Objective
Steps
The SSL certificate and private key are stored within /crypt/certs/keystore. You can get the password of the keystore by running the keyvaultget command listed in https://www.ibm.com/support/knowledgecenter/SSBRUQ_37.0.0/doc/install/resilient_install_keyvaults_secrets.html
Using the Java keytool command you can look at the certificates within the keystore by running:
sudo keytool -list -v -keystore /crypt/certs/keystore -storepass "$(sudo resutil keyvaultget -name keystore)"
Create a .p12 file containing the private key and all certificates:
sudo keytool -importkeystore -srckeystore /crypt/certs/keystore -destkeystore /<PATH TO FILE>/keystore.p12 -deststoretype PKCS12 -srcalias co3 -srcstorepass "$(sudo resutil keyvaultget -name keystore)" -deststorepass ***** -destkeypass *****
-destkeystore can be whatever you choose it to be
-srcalias is the name of the alias in /crypt/certs/keystore which is returned from the first command
Extract the private key
sudo openssl pkcs12 -in keystore.p12 -nocerts -nodes -out /<PATH TO FILE>/private.key
Extract all certificates including the private key
sudo openssl pkcs12 -in keystore.p12 -nodes -out /<PATH TO FILE>/all.cer
Related Information
Document Location
Worldwide
Was this topic helpful?
Document Information
Modified date:
19 April 2021
UID
ibm16244116