SSL keystore

ssl_create_jks

Create a Java JKS keystore from a private key and one or more PEM certificate files. Certificate files are joined in the order given (same behaviour as ssl_cert_join). The pipeline is: PEM chain + key → PKCS12 (openssl) → JKS (keytool). A temporary working directory is created and removed on return.

Example

ssl_create_jks -k server.key -p changeit -o keystore.jks cert.pem intermediate.pem root.pem
ssl_create_jks -k server.key -p changeit -o /opt/app/keystore.jks -a myapp cert.pem chain.pem

Options

  • -k (string): Private key file (required)
  • -p (string): Keystore password (required)
  • -o (string): Output JKS file path (required)
  • -a (string): Alias for the key entry (default: basename of output without extension)

Arguments

  • ... (string): One or more PEM certificate files in chain order

Exit codes

  • 0: Success
  • 1: Missing arguments, invalid input files, or openssl/keytool failure
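
The pipeline described for ssl_create_jks (PEM chain + key → PKCS12 → JKS), as an added example that is not the library's own code. The function name pem_to_jks, its argument order and the KS_PASS variable are assumptions; the password is read from the environment so it never appears in the openssl or keytool argument lists.

```sh
# Added example, not the library's code. pem_to_jks, its argument order and
# the KS_PASS variable are assumptions made for this illustration.
# usage: KS_PASS=... pem_to_jks KEY OUT.jks ALIAS CERT.pem [CHAIN.pem ...]
# The body runs in a subshell, so umask, variables and the trap stay local.
pem_to_jks() (
  [ -n "${KS_PASS:-}" ] || { echo "pem_to_jks: KS_PASS is not set" >&2; exit 1; }
  [ "$#" -ge 4 ] || { echo "usage: pem_to_jks KEY OUT ALIAS CERT..." >&2; exit 1; }
  key=$1 out=$2 alias=$3
  shift 3
  for f in "$key" "$@"; do
    [ -r "$f" ] || { echo "pem_to_jks: cannot read $f" >&2; exit 1; }
  done

  umask 077                        # work files and keystore: owner-only
  tmp=$(mktemp -d) || exit 1
  trap 'rm -rf "$tmp"' EXIT        # working directory removed on every exit path

  # Join the certificates in the order given (leaf first).
  cat "$@" > "$tmp/chain.pem" || exit 1

  # Stage 1: PEM chain + key -> PKCS12. openssl stops here when no
  # certificate in the chain matches the private key.
  KS_PASS=$KS_PASS openssl pkcs12 -export -inkey "$key" -in "$tmp/chain.pem" \
    -name "$alias" -out "$tmp/keystore.p12" -passout env:KS_PASS || exit 1

  # Stage 2: PKCS12 -> JKS. The :env modifier makes keytool read each
  # password from the named environment variable.
  KS_PASS=$KS_PASS keytool -importkeystore -noprompt \
    -srckeystore "$tmp/keystore.p12" -srcstoretype PKCS12 \
    -srcstorepass:env KS_PASS -alias "$alias" \
    -destkeystore "$out" -deststoretype JKS \
    -deststorepass:env KS_PASS -destkeypass:env KS_PASS || exit 1
)
```

The private key is expected to be unencrypted; an encrypted key makes openssl prompt for its passphrase.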

ssl_create_truststore

Create a JKS truststore from one or more PEM certificate files. Each certificate is imported as a trusted CA entry using keytool -importcert. The alias for each certificate defaults to its CN, falling back to the filename stem. No private key is required: this is for truststores, not keystores.

Example

ssl_create_truststore truststore.jks changeit ca1.pem ca2.pem ca3.pem
ssl_create_truststore /opt/app/truststore.jks changeit keytooltest/split/*.pem

Arguments

  • $1 (string): Output JKS truststore file path (required)
  • $2 (string): Truststore password (required)
  • ... (string): One or more PEM certificate files

Exit codes

  • 0: Success
  • 1: Missing arguments, invalid cert, or keytool failure

Output on stdout

  • Count of certificates imported

ssl_split_jks

Split a JKS keystore or truststore into individual PEM files, one per alias. Output files are written to the current directory (or a specified output directory) as .pem.

Example

ssl_split_jks truststore.jks changeit /tmp/certs
ssl_split_jks truststore.jks          # empty password, current directory

Arguments

  • $1 (string): Path to the JKS keystore/truststore file (required)
  • $2 (string): Keystore password (default: empty — common for truststores)
  • $3 (string): Output directory (default: current directory)

Exit codes

  • 0: Success
  • 1: File not found, no aliases found, or export failure

Output on stdout

  • Count of certificates exported