Ssl – Extract key from JKS keystore to use with apache2 and tomcat

apache-2.2keytoolopensslsslssl-certificate

I have a keystore in JKS format and I want to use that with apache2.
How can I export the key and the certificates (that i already chained) out the JKS in a easy way?
I found many answers out there but seems that no one has my problem… (or the answer is partial)

Thank you for your time.

Best Answer

The JKS has certificates in DER and for Apache you want to have PEM (AKA X509) format.

Sample of how to do this:

$JAVA_HOME/bin/keytool --list -keystore <mykeystore>
$JAVA_HOME/bin/keytool -export -rfc -alias <alias_name> -file <cert.crt> -keystore <mykeystore>

So you will want to export the private key and then the certificates.

The private key exported located then goes in SSLCertificateKeyFile directive in httpd.conf, and you can put the chained certificates in SSLCertificateChainFile directive. This is in addition to SSLCertificateFile directive.

See http://httpd.apache.org/docs/2.2/mod/mod_ssl.html

Best Answer

Related Solutions

Extract Key and Certificate from Kemp Loadmaster

Ssl – nywhere that I can get a valid , signed, SSL cert to the “localhost” domain for testing

Related Topic