In order to convert a Java key store into a Privacy Enhanced Mail Certificate, you will need to use two tools :
- keytool.exe - to import the keystore from JKS to PKCS12 (supplied with Java)
- openssl.exe - to convert the PCKS12 to PEM (supplied with OpenSSL)
Neither keytool or openssl can be used to convert a jks directly into a pem. First we must use keytool to convert the JKS into PKCS:
keytool -importkeystore -srckeystore client.jks -destkeystore client.pkcs -srcstoretype JKS
-deststoretype PKCS12
You will be prompted to enter passwords for the key stores when each of these programs are run. The password used for the keystores created using the generator is "nirvana". Next you need to use openssl.exe to convert the PKCS into PEM.
openssl pkcs12 -in client.pkcs -out client.pem
Repeat the above code for the any other jks key stores. After this you will have the required key stores in pem format.