Page History

...

The next step is to extract the private key that was used to generate the CSR.  If a utility such as openssl was used to generate the CSR, then a file containing the private key should already be present and this step is unnecessary.  If, however, the site used keytool to generate the CSR, then the following commands should be run to extract the private key into a separate file.  Execute the following command commands to extract the private key into a file called private_key.pem:

$ <insert command to transform keystore into pkcs12 first> keytool -importkeystore -srckeystore shrine.keystore -srcstorepass <source_keystore_password> -srcalias <source_alias> -destalias <destination_alias> -destkeystore shrine.keystore.p12 -deststoretype PKCS12 -deststorepass <destination_keystore_password>
$ openssl pkcs12 -in shrine.keystore.p12 -nodes -nocerts -out private_key.pem

...