1. 导出公钥
keytool -export -alias tomcat -keystore <you jks>wsriakey.keystore -file <outputfile>wsriakey.crt
2. 转化为 pem 格式
openssl x509 -out <outputfilename>wsriakey-pem.crt -outform pem -text -in <some crt you want to use>wsriakey.crt -inform der
3. 获取私钥
使用Java 代码
git clone https://github.com/joshvette001/java-exportpriv.git
cd java-exportpriv.git
javac ExportPriv.java
java ExportPriv <keystore> <alias> <password> > wsriakey-pkcs8.key
4. 转换为nginx 支持的证书
openssl pkcs8 -inform PEM -nocrypt -in wsriakey-pkcs8.key -out <you private key>wsriakey.keyitclj.key
5. 参考资料
https://github.com/joshvette001/java-exportpriv.git
https://myssl.com/
https://mozilla.github.io/server-side-tls/ssl-config-generator/