Converting Keystore (JKS) to PEM file
Overview
Some Python libraries, such as kafka-python, use .pem files to connect to Kafka. For these clients, the JKS files must be converted to PEM with the keytool and openssl commands.
This article describes how to generate key and certificate files from a keystore in JKS format.
Prerequisites
This article assumes you already have a keystore.jks file, created by following the steps here.
Warning: Different store and key passwords are not supported for PKCS12 keystores. The keystore password and the key password must be the same.
Generate files
The following bash script generates your key and certificate files from keystore.jks.
```bash
#!/bin/bash
# Positional arguments, each with a default value.
keyStorePassword=${1:-yourkeystorepassword}
keyPassword=${2:-yourkeystorepassword}
keyFile=${3:-key.pem}
CARootFile=${4:-CARoot.pem}
certificateFile=${5:-certificate.pem}

echo "Generating key.pem"
# Copy the ickafka entry from the JKS keystore into an intermediate PKCS12 keystore.
keytool -v -importkeystore -srckeystore keystore.jks \
        -srcalias ickafka \
        -destkeystore cert_and_key.p12 -deststoretype PKCS12 \
        -storepass "${keyStorePassword}" -srcstorepass "${keyStorePassword}"

# Extract only the private key. -nodes writes it unencrypted, so protect the output file.
openssl pkcs12 -in cert_and_key.p12 -nodes -nocerts \
        -out "${keyFile}" -passin pass:"${keyPassword}"

echo "Generating CARoot.pem"
# Export the CA root certificate in PEM form (-rfc).
keytool -exportcert -alias CAroot \
        -keystore keystore.jks -rfc \
        -file "${CARootFile}" -storepass "${keyStorePassword}"

echo "Generating certificate.pem"
# Export the client certificate in PEM form (-rfc).
keytool -exportcert -alias ickafka \
        -keystore keystore.jks -rfc \
        -file "${certificateFile}" -storepass "${keyStorePassword}"
```
Go to the directory where keystore.jks is stored, then run this script.
You will get key.pem, CARoot.pem and certificate.pem.
You can then use these files in your client when connecting to Kafka clusters.
You can find Python examples of how to use these files when connecting to a Kafka mTLS cluster here.
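A preflight check for the files the script produces, as an added example that is not part of the original article: it confirms key.pem holds exactly one private key, flags an unencrypted key (the result of -nodes) that group or others can access, and confirms each exported certificate file holds one certificate. The function names and the sample key text are constructed for illustration; the check covers structure and permissions only, not whether the key matches the certificate.

```python
import base64, os, re, stat, tempfile

PEM = re.compile(r"-----BEGIN ([A-Z0-9 ]+)-----\r?\n(.*?)-----END \1-----", re.S)

def pem_blocks(text):
    """Return [(label, headers, der)]. Text outside the armor, such as the
    'Bag Attributes' lines that openssl pkcs12 writes, is ignored."""
    blocks = []
    for label, body in PEM.findall(text):
        lines = [l.strip() for l in body.splitlines() if l.strip()]
        headers = [l for l in lines if ":" in l]  # e.g. Proc-Type: 4,ENCRYPTED
        b64 = "".join(l for l in lines if ":" not in l)
        blocks.append((label, headers, base64.b64decode(b64, validate=True)))
    return blocks

def check_key(path):
    """Problems with a key file written by `openssl pkcs12 -nodes -nocerts`."""
    with open(path) as f:
        keys = [b for b in pem_blocks(f.read()) if b[0].endswith("PRIVATE KEY")]
    if len(keys) != 1:
        return [f"expected 1 private key block, found {len(keys)}"]
    label, headers, _ = keys[0]
    encrypted = label.startswith("ENCRYPTED") or any("ENCRYPTED" in h for h in headers)
    # -nodes leaves the key in the clear, so only the owner may have access.
    if not encrypted and stat.S_IMODE(os.stat(path).st_mode) & 0o077:
        return ["unencrypted key is accessible to group or others"]
    return []

def check_cert(path):
    """Problems with a file written by `keytool -exportcert -rfc`."""
    with open(path) as f:
        certs = [b for b in pem_blocks(f.read()) if b[0] == "CERTIFICATE"]
    if len(certs) != 1:
        return [f"expected 1 certificate block, found {len(certs)}"]
    return [] if certs[0][2][:1] == b"\x30" else ["body is not a DER SEQUENCE"]

# Constructed sample, not real key material: a SEQUENCE tag plus zero filler.
FAKE_B64 = base64.encodebytes(b"\x30\x82\x00\x3c" + bytes(60)).decode()
SAMPLE_KEY = ("Bag Attributes\n    friendlyName: ickafka\n"
              "-----BEGIN PRIVATE KEY-----\n" + FAKE_B64 + "-----END PRIVATE KEY-----\n")

def demo():
    """Check the sample key with loose, then owner-only, permissions."""
    path = os.path.join(tempfile.mkdtemp(), "key.pem")
    with open(path, "w") as f:
        f.write(SAMPLE_KEY)
    os.chmod(path, 0o644)
    loose = check_key(path)
    os.chmod(path, 0o600)
    return loose, check_key(path)
```

Against real output, call `check_key("key.pem")`, `check_cert("certificate.pem")` and `check_cert("CARoot.pem")` in the directory where the script ran; an empty list means no problem was found.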