NUHMAN.com

Programming & Development / April 18, 2025

How to Download an SSL Key Pair (Public & Private Key) from a JBoss Server

JBoss SSL keystore export keytool OpenSSL private key public key certificate

Copy Link Bookmark Print

When you're managing a JBoss server and need to extract or download an SSL key pair (public + private key), the process typically involves working with a Java keystore (JKS). Whether for migration, backup, or integration, this guide walks you through safely exporting the SSL key pair used by JBoss.

πŸ”Ž Step 1: Locate the Keystore Used by JBoss

Open your standalone.xml or domain.xml file and look for the HTTPS connector configuration, typically under the <subsystem> tag.

It might look like this:

xml

<ssl name="ssl" 
     key-alias="server" 
     password="keystore-password" 
     certificate-key-file="/path/to/keystore.jks" />

Take note of:

  • πŸ”‘ key-alias
  • πŸ” password
  • πŸ“‚ certificate-key-file β†’ This is your keystore path.

πŸ“€ Step 2: Export the Public Key (Certificate)

You can export the public certificate (which contains the public key) from the keystore using the keytool:

bash

keytool -export \
  -alias server \
  -file publickey.cer \
  -keystore /path/to/keystore.jks
Replace server and the keystore path with your actual values.

This will create a publickey.cer file containing the X.509 certificate (including the public key).

πŸ”“ Step 3: Export the Private Key (Using OpenSSL)

Since keytool doesn’t allow direct extraction of private keys, you'll need to convert the keystore to PKCS12 format, then use OpenSSL to extract the private key.

3.1 Convert JKS to PKCS12:

bash

keytool -importkeystore \
  -srckeystore /path/to/keystore.jks \
  -destkeystore keystore.p12 \
  -srcstoretype JKS \
  -deststoretype PKCS12 \
  -srcalias server \
  -destalias server \
  -deststorepass destination-pass \
  -srcstorepass source-pass

Replace:

  • server with your alias
  • source-pass and destination-pass with the keystore passwords

3.2 Extract Private Key Using OpenSSL:

bash

openssl pkcs12 -in keystore.p12 -nocerts -out privatekey.pem -nodes

βœ… This will give you privatekey.pem β€” your private key in PEM format.

πŸ“ Final Result

FileDescriptionpublickey.cerX.509 Certificate (Public Key)privatekey.pemPEM-formatted Private Keykeystore.p12PKCS12 version of the JBoss keystore (intermediate step)

You now have the full SSL key pair extracted from your JBoss server.

πŸ›‘ Security Tips

  • NEVER expose your private key in public or insecure environments.
  • Store your privatekey.pem in a secure location (e.g., an encrypted vault).
  • Rotate keys regularly in production environments.


Share this article:

Comments

No comments yet

Add a new Comment

Trending

Gadgets & Consumer Tech / May 20, 2025
Unlock Your Coding Potential with Visual Studio Code: Instal...

Visual Studio Code VS Code code editor Mac install Visual Studio Code

Programming & Development / April 14, 2025
Java Access Modifiers: Default, Public, Private, Protected E...

Java access modifiers public vs private vs protected default access in Java Java visibility levels

Cloud Computing & Enterprise Tech / April 08, 2025
How to Point a Domain to Your VPS with Apache: A Step-by-Ste...

point domain to VPS Apache virtual host setup connect domain to VPS VPS DNS setup

Programming & Development / April 14, 2025
React Components Tutorial: Building Interactive UIs with Rea...

React Components Tutorial dynamic

NUHMAN.COM

Information Technology website for Programming & Development, Web Design & UX/UI, Startups & Innovation, Gadgets & Consumer Tech, Cloud Computing & Enterprise Tech, Cybersecurity, Artificial Intelligence (AI) & Machine Learning (ML), Gaming Technology, Mobile Development, Tech News & Trends, Open Source & Linux, Data Science & Analytics

Categories

Tags

Quick Links

About Advertise Privacy & policy Terms & conditions Contact

©{" "} Nuhmans.com . All Rights Reserved. Designed by{" "} HTML Codex