(PowerShell) Convert Java KeyStore to PEM

Loads a Java keystore file and saves the trusted certificate entries to a PEM file.

Chilkat .NET Downloads Chilkat .NET Assemblies

Add-Type -Path "C:\chilkat\ChilkatDotNet47-9.5.0-x64\ChilkatDotNet47.dll"

# This requires the Chilkat API to have been previously unlocked.
# See Global Unlock Sample for sample code.

$jks = New-Object Chilkat.JavaKeyStore

$jksPassword = "myJksPassword"

# Load the Java keystore from a file.  The JKS file password is used
# to verify the keyed digest that is found at the very end of the keystore.
# It verifies that the keystore has not been modified.
$success = $jks.LoadFile($jksPassword,"/someDir/keyStore.jks")
if ($success -ne $true) {
    $($jks.LastErrorText)
    exit
}

# Open/create the output PEM file. 
# This example uses Chilkat's file access class for writing the output file.
# You may replace the file I/O lines of code with whatever is most convenient for you.
$fac = New-Object Chilkat.FileAccess
$success = $fac.OpenForWrite("/pemFiles/caCerts.pem")
if ($success -ne $true) {
    $($fac.LastErrorText)
    exit
}

$numCerts = $jks.NumTrustedCerts

# Iterate over the trusted certs, get the PEM for each,
# and append it to the output file.
$i = 0
while ($i -lt $numCerts) {
    $cert = $jks.GetTrustedCert($i)

    # Get the certificate in PEM format.  
    $pem = $cert.ExportCertPem()

    # Append the PEM string to the open file.
    # The PEM contains only us-ascii chars..
    $success = $fac.AppendAnsi($pem)
    if ($success -ne $true) {
        $($fac.LastErrorText)

        exit
    }

    $i = $i + 1
}

# Close the output file.
$fac.FileClose()

$("Trusted certificates saved to PEM.")