I used a keystore generated with Java keytool, in which my private key is stored, for the SSL communication between a service hosted in Apache Tomcat and a sample client.
You can find a step-by-step guide for creating a keystore using Java keytool from here.
Today I had the requirement of viewing the messages passed over SSL, using ssldump.
Once again, you can find a guide on SSL debugging with ssldump from here.
In one of the steps there, you need to provide the server's private key so that ssldump can decrypt the symmetric key exchanged between client and server and use it to decrypt the SSL traffic.
As I got to know, Java keytool doesn't provide an easy way to export the private key out of the keystore.
Out of the several ways I tried, keytool-iui helped me to achieve my requirement in a matter of seconds.
Hence, here I will keep a note on the steps I followed:
Step 1: Download the tool from here.
Step 2: Extract it and run the following command from the 'ktl241sta' folder. (You can also find it in the readme file.)
java -jar rc15ktl.jar
Step 3: Then select and provide necessary information as shown in the image below:
- Select Export -> Keystore's Entry -> Private Key from the left-hand panel.
- Under 'Source', provide the keystore file, its password and its format; in this case, the keystore is in JKS format.
- Under 'Target', provide the file locations where the private key and the certificate are to be exported. The format required by ssldump is PEM.
On a side note, I also tried openssl to achieve the same, as I had read in several places, but it failed with the following error:
Error decrypting key
28838:error:0906D064:PEM routines:PEM_read_bio:bad base64 decode:pem_lib.c:759:
28838:error:0906D064:PEM routines:PEM_read_bio:bad base64 decode:pem_lib.c:759:
If you have any idea about the reason, or if you have successfully achieved this with openssl, please share it with us as well.
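
A command-line route to the same PEM files, as an added example that is not from the original post: keytool copies the entry into a PKCS#12 store, openssl writes the key and certificate as PEM, and a second function checks that the exported key belongs to the exported certificate. The function names, the STOREPASS variable and the assumption that the key password equals the keystore password belong to this example only.

```shell
#!/bin/sh
# Added example: export a key entry from a JKS keystore to PEM files.
# Assumptions: function names, the STOREPASS variable, and a key password
# equal to the keystore password are this example's, not the post's.

# jks_to_pem KEYSTORE ALIAS KEY_OUT CERT_OUT
# The password is read from $STOREPASS so it never appears in argv.
jks_to_pem() (
    keystore=$1 entry=$2 key_out=$3 cert_out=$4
    : "${STOREPASS:?set STOREPASS to the keystore password}"
    export STOREPASS
    umask 077                      # files are created owner-only
    tmpdir=$(mktemp -d) || exit 1
    trap 'rm -rf "$tmpdir"' EXIT   # remove the intermediate PKCS#12 store
    p12=$tmpdir/export.p12

    # keytool has no direct private-key export, but it can copy the
    # entry into a PKCS#12 store, which openssl can read.
    keytool -importkeystore -noprompt \
        -srckeystore "$keystore" -srcstoretype JKS -srcalias "$entry" \
        -srcstorepass:env STOREPASS \
        -destkeystore "$p12" -deststoretype PKCS12 \
        -deststorepass:env STOREPASS </dev/null >/dev/null 2>&1 || exit 1

    # Unencrypted PEM key; 'openssl pkey' drops the "Bag Attributes" lines.
    openssl pkcs12 -in "$p12" -passin env:STOREPASS -nocerts -nodes 2>/dev/null |
        openssl pkey -out "$key_out" || exit 1
    openssl pkcs12 -in "$p12" -passin env:STOREPASS -nokeys -clcerts 2>/dev/null |
        openssl x509 -out "$cert_out" || exit 1
)

# pem_pair_matches KEY CERT: succeeds only if the key belongs to the cert.
pem_pair_matches() {
    key_pub=$(openssl pkey -in "$1" -pubout 2>/dev/null) || return 1
    cert_pub=$(openssl x509 -in "$2" -noout -pubkey 2>/dev/null) || return 1
    [ -n "$key_pub" ] && [ "$key_pub" = "$cert_pub" ]
}
```

The exported key file is unencrypted, so keep it readable by its owner only and delete it once the ssldump session is over.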