Nginx – How to use an SSL certificate generated with Java keytool with Nginx

Tags: https, nginx, private-key, ssl, ssl-certificate

I used the Java keytool to generate a "keystore":

keytool -genkey -alias example.com -keyalg RSA -keystore example.com.keystore

Then I generated a CSR (Certificate Signing Request):

keytool -certreq -keyalg RSA -alias example.com -file example.com.csr -keystore example.com.keystore

Then I issued a certificate and saved it in a text file, example.com.crt.

Now I want to use this certificate with Nginx.

I have placed my certificate on /etc/ssl/certs/example.com.cert
and I placed my "keystore" (I think it contains my private key?) on /etc/ssl/private/example.com.keystore

Then I configured my Nginx following "Nginx, SSL and vhosts". But when I reload the Nginx configuration file I get this error message:

sudo service nginx reload
Reloading nginx configuration: [emerg]: SSL_CTX_use_certificate_chain_file("/etc/ssl/certs/myssl.crt") failed (SSL: error:0906D06C:PEM routines:PEM_read_bio:no start line error:140DC009:SSL routines:SSL_CTX_use_certificate_chain_file:PEM lib)
configuration file /etc/nginx/nginx.conf test failed

When I followed the same guide and generated an SSL-certificate using openssl it worked fine. But using Java keytool I get this error.

How can I use an SSL certificate and keys from Java keytool with Nginx?

Best Answer

You can't use a keystore with just about anything not written in Java, as far as I know. It's also not possible to extract the key with keytool.

I'd recommend using something like http://www.openssl.org/docs/HOWTO/keys.txt or the easy-rsa-tools included with OpenVPN to generate a new key/certificate-combo, which will by default be generated in a format readable by nginx.

If it is important to extract the key from the keystore, there's a guide at http://conshell.net/wiki/index.php/Keytool_to_OpenSSL_Conversion_tips on how to extract it.
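
The "no start line" error in the question means nginx was handed a file that is not PEM. The script below is an added example, not part of the original question or answer: it identifies the format of a certificate or key file, and exports a keystore entry's private key to PEM by way of PKCS#12. The script name ks2pem.sh, the function names and the output file names are assumptions.

```shell
#!/usr/bin/env bash
# Added example, not from the original post. Output names are assumptions.

# Print the container format of FILE, judged from its content. nginx's
# ssl_certificate and ssl_certificate_key must be PEM; any other format
# fails with "PEM_read_bio:no start line". Returns 0 only for PEM.
file_format() {
    local f=$1 magic
    [ -r "$f" ] || { echo "unreadable"; return 1; }
    # PEM has a text marker such as "-----BEGIN CERTIFICATE-----".
    if grep -a -q '^-----BEGIN [A-Z0-9 ]*-----' "$f"; then
        echo "pem"; return 0
    fi
    magic=$(head -c 4 "$f" | od -An -tx1 | tr -d ' \n')
    case $magic in
        feedfeed) echo "jks" ;;      # Java KeyStore magic number
        cececece) echo "jceks" ;;    # JCEKS magic number
        30*)      echo "der" ;;      # ASN.1 SEQUENCE: DER or PKCS#12
        *)        echo "unknown" ;;
    esac
    return 1
}

# Export one keystore entry's private key as PEM, via PKCS#12.
# keytool and openssl prompt for the keystore passwords.
# -nodes leaves the key unencrypted so nginx can load it unattended.
keystore_to_pem_key() {
    local keystore=$1 alias=$2 out_key=$3 tmp rc
    tmp=$(mktemp -d) || return 1
    (
        umask 077    # key material readable by the owner only
        keytool -importkeystore -srckeystore "$keystore" -srcalias "$alias" \
                -destkeystore "$tmp/ks.p12" -deststoretype PKCS12 &&
        openssl pkcs12 -in "$tmp/ks.p12" -nocerts -nodes -out "$out_key"
    )
    rc=$?
    rm -rf "$tmp"    # the intermediate PKCS#12 also holds the key
    return "$rc"
}

# e.g. ./ks2pem.sh example.com.keystore example.com example.com.key
if [ "$#" -eq 3 ]; then
    file_format "$1"
    keystore_to_pem_key "$1" "$2" "$3" && file_format "$3"
fi
```

Run `file_format` on both files named in the nginx configuration before reloading; the certificate returned by the CA also has to report `pem`.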