Mocking is an essential part of unit testing, and the Mockito library makes it easy to write clean and intuitive unit tests for your Java code.
Get started with mocking and improve your application tests using our Mockito guide:
Handling concurrency in an application can be a tricky process with many potential pitfalls. A solid grasp of the fundamentals will go a long way to help minimize these issues.
Get started with understanding multi-threaded applications with our Java Concurrency guide:
Spring 5 added support for reactive programming with the Spring WebFlux module, which has been improved upon ever since. Get started with the Reactor project basics and reactive programming in Spring Boot:
Since its introduction in Java 8, the Stream API has become a staple of Java development. The basic operations like iterating, filtering, mapping sequences of elements are deceptively simple to use.
But these can also be overused and fall into some common pitfalls.
To get a better understanding on how Streams work and how to combine them with other language features, check out our guide to Java Streams:
Explore Spring Boot 3 and Spring 6 in-depth through building a full REST API with the framework:
Yes, Spring Security can be complex, from the more advanced functionality within the Core to the deep OAuth support in the framework.
I built the security material as two full courses - Core and OAuth, to get practical with these more complex scenarios. We explore when and how to use each feature and code through it on the backing project.
You can explore the course here:
Spring Data JPA is a great way to handle the complexity of JPA with the powerful simplicity of Spring Boot.
Get started with Spring Data JPA through the guided reference course:
Refactor Java code safely — and automatically — with OpenRewrite.
Refactoring big codebases by hand is slow, risky, and easy to put off. That’s where OpenRewrite comes in. The open-source framework for large-scale, automated code transformations helps teams modernize safely and consistently.
Each month, the creators and maintainers of OpenRewrite at Moderne run live, hands-on training sessions — one for newcomers and one for experienced users. You’ll see how recipes work, how to apply them across projects, and how to modernize code with confidence.
Join the next session, bring your questions, and learn how to automate the kind of work that usually eats your sprint time.
Distributed systems often come with complex challenges such as service-to-service communication, state management, asynchronous messaging, security, and more.
Dapr (Distributed Application Runtime) provides a set of APIs and building blocks to address these challenges, abstracting away infrastructure so we can focus on business logic.
In this tutorial, we'll focus on Dapr's pub/sub API for message brokering. Using its Spring Boot integration, we'll simplify the creation of a loosely coupled, portable, and easily testable pub/sub messaging system:
1. Introduction
A Java KeyStore is a container of security certificates that we can use when writing Java code. Java KeyStores hold one or more certificates with their matching private keys and are created using keytool which comes with the JDK.
In this tutorial, we’ll convert a Java KeyStore into PEM (Privacy-Enhanced Mail) format using a combination of keytool and openssl. The steps will include using keytool to convert the JKS into a PKCS#12 KeyStore, and then openssl to transform the PKCS#12 KeyStore into a PEM file.
keytool is available with the JDK, and we can download openssl from the OpenSSL website.
2. File Formats
Java KeyStores are stored in the JKS file format. It’s a proprietary format that is specifically for use in Java programs. PKCS#12 KeyStores are non-proprietary and are increasing in popularity — from Java 9 onward, PKCS#12 is used as the default KeyStore format over JKS.
PEM files are also certificate containers — they encode binary data using Base64, which allows the content to be transmitted more easily through different systems. A PEM file may contain multiple instances, with each instance adhering to two rules:
- A one-line header of
-----BEGIN <label>----- - A one-line footer of
-----END <label>-----
<label> specifies the type of the encoded message, common values being CERTIFICATE and PRIVATE KEY.
3. Converting an Entire JKS Into PEM Format
Let’s now go through the steps for converting all the certificates and private keys from a JKS into PEM format.
3.1. Creating the Java KeyStore
We’ll start by creating a JKS with a single RSA key pair:
keytool -genkey -keyalg RSA -v -keystore keystore.jks -alias first-key-pairWe’ll enter a KeyStore password at the prompt and enter information about the key pair.
For this example, we’ll create a second key pair as well:
keytool -genkey -keyalg RSA -v -keystore keystore.jks -alias second-key-pair3.2. JKS to PKCS#12
The first step in the conversion process is to convert the JKS into PKCS#12 using keytool:
keytool -importkeystore -srckeystore keystore.jks \
-destkeystore keystore.p12 \
-srcstoretype jks \
-deststoretype pkcs12Again, we’ll answer the password prompts — one will ask for the password of the original JKS, and the other will ask us to create a password for the resulting PKCS#12 KeyStore.
Let’s check the output of running that command:
Entry for alias first-key-pair successfully imported.
Entry for alias second-key-pair successfully imported.
Import command completed: 2 entries successfully imported, 0 entries failed or cancelledThe result is a keystore.p12 KeyStore stored in PKCS#12 format.
3.3. PKCS#12 to PEM
From here, we’ll use openssl to encode keystore.p12 into a PEM file:
openssl pkcs12 -in keystore.p12 -out keystore.pemThe tool will prompt us for the PKCS#12 KeyStore password and a PEM passphrase for each alias. The PEM passphrase is used to encrypt the resulting private key.
If we don’t want to encrypt the resulting private key, we should instead use:
openssl pkcs12 -nodes -in keystore.p12 -out keystore.pemkeystore.pem will contain all of the keys and certificates from the KeyStore. For this example, it contains a private key and a certificate for both the first-key-pair and second-key-pair aliases.
4. Converting a Single Certificate From a JKS Into PEM
We can export a single public key certificate out of a JKS and into PEM format using keytool alone:
keytool -exportcert -alias first-key-pair -keystore keystore.jks -rfc -file first-key-pair-cert.pemAfter entering the JKS password at the prompt, we’ll see the output of that command:
Certificate stored in file <first-key-pair-cert.pem>5. Conclusion
We’ve successfully converted an entire JKS into PEM format using keytool, openssl, and the intermediary stage of the PKCS#12 format. We’ve also covered converting a single public key certificate using keytool alone.
