tomcat的jks的私钥导出nginx需要的key文件

方法一：

1.先用keytool导出pfx文件。第一个123456是jks密码，后边两个是新生成的pfx的密码

keytool -v -importkeystore -srckeystore D:\fuwuqi.jks -srcstoretype jks -srcstorepass 123456 -destkeystore D:\fuwuqi.pfx -deststoretype pkcs12 -deststorepass 123456 -destkeypass 123456

2.用ssl导出key文件

openssl pkcs12 -in fuwuqi.pfx -nocerts -nodes -out fuwuqi.key

方法二：

 代码生成

package com.acca.dovepay.nucc.utils;

import java.io.File;
import java.io.FileInputStream;
import java.io.FileWriter;
import java.security.Key;
import java.security.KeyPair;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.UnrecoverableKeyException;
import java.security.cert.Certificate;

import sun.misc.BASE64Encoder;

public class CertUtil {

    private File keystoreFile;

    private String keyStoreType;

    private char[] password;

    private String alias;

    private File exportedFile;

    public KeyPair getPrivateKey(KeyStore keystore, String alias,
            char[] password) {

        try {

            Key key = keystore.getKey(alias, password);

            if (key instanceof PrivateKey) {

                Certificate cert = keystore.getCertificate(alias);

                PublicKey publicKey = cert.getPublicKey();

                return new KeyPair(publicKey, (PrivateKey) key);

            }

        } catch (UnrecoverableKeyException e) {

        } catch (NoSuchAlgorithmException e) {

        } catch (KeyStoreException e) {

        }

        return null;

    }

    public void export() throws Exception {

        KeyStore keystore = KeyStore.getInstance(keyStoreType);

        BASE64Encoder encoder = new BASE64Encoder();

        keystore.load(new FileInputStream(keystoreFile), password);

        KeyPair keyPair = getPrivateKey(keystore, alias, password);

        PrivateKey privateKey = keyPair.getPrivate();

        String encoded = encoder.encode(privateKey.getEncoded());

        FileWriter fw = new FileWriter(exportedFile);

        fw.write("----BEGIN PRIVATE KEY----
");

        fw.write(encoded);

        fw.write("
");

        fw.write("----END PRIVATE KEY----
");

        Certificate cert = keystore.getCertificate(alias);

        PublicKey publicKey = cert.getPublicKey();

        String encoded2 = encoder.encode(publicKey.getEncoded());

        fw.write("----BEGIN CERTIFICATE----
");

        fw.write(encoded2);

        fw.write("
");

        fw.write("----END CERTIFICATE----
");

        fw.close();

    }

    public static void main(String args[]) throws Exception {

        CertUtil export = new CertUtil();

        export.keystoreFile = new File("D:\20181120fuwuqi.jks");

        export.keyStoreType = "JKS";

        export.password = "123456".toCharArray();

        export.alias = "mykey";

        export.exportedFile = new File("D:\SSS.key");

        export.export();
    }
}

另crt文件的生成，转载https://jingyan.baidu.com/article/154b463178eac928ca8f41a9.html?qq-pf-to=pcqq.c2c