I am migrating my single-server Tomcat to a cluster, load balanced and cached by Apache HTTPD (reverse proxy with mod_proxy).
Is it possible to convert the certificate and keys to the Apache format, or do I have to re-issue the whole thing?
Apache – How do I migrate SSL from Tomcat to Apache HTTPD
Best Answer
It's quite easy to extract the certificates directly with keytool, it's a bit trickier to extract the private key (although you could write programs to do so). I'd suggest using a combination of keytool and openssl.
If your keystore is in PKCS#12 format (.p12 file), skip this step. Convert your JKS store into a PKCS12 store using keytool (need version from Java 6+)
Then, extract the certificate using openssl:
Extract the private key:
Note that, because the -nodes option is used when extracting the private key, the private key file won't be protected (as it mustn't have a password to be usable by Apache Httpd), so make sure no one else can read it.
Then, configure Apache Httpd using SSLCertificateFile and SSLCertificateKeyFile to point to the certificate file and the private key file, respectively.
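The procedure described in the answer above, as an added example that is not the answerer's own commands: it converts JKS to PKCS#12 with keytool (skipped for a .p12 input), extracts the certificate and the unencrypted key with openssl, restricts the key file to its owner, and checks that key and certificate match. The function name, output file names and the KS_PASS variable are assumptions, and the JKS branch assumes the key password equals the store password.

```shell
#!/usr/bin/env bash
# Added illustration. Function name, output file names and the KS_PASS
# variable are assumptions, not taken from the answer.

# Usage: KS_PASS=... extract_for_httpd <keystore.jks|keystore.p12> <out_dir>
extract_for_httpd() {
    local src=$1 out=$2 p12
    [ -n "${KS_PASS:-}" ] || { echo "set KS_PASS to the keystore password" >&2; return 1; }
    export KS_PASS            # read via :env / env: so it stays off the command line
    mkdir -p "$out" || return 1

    case "$src" in
        *.p12|*.pfx)
            p12=$src ;;       # already PKCS#12: skip the keytool step
        *)
            # Assumes the key password equals the store password.
            p12="$out/keystore.p12"
            keytool -importkeystore -noprompt \
                -srckeystore "$src" -srcstoretype JKS -srcstorepass:env KS_PASS \
                -destkeystore "$p12" -deststoretype PKCS12 -deststorepass:env KS_PASS \
                || return 1 ;;
    esac

    # Server certificate only (-clcerts skips CA certificates, -nokeys skips the key).
    openssl pkcs12 -in "$p12" -clcerts -nokeys -passin env:KS_PASS \
        -out "$out/server.crt" || return 1

    # Private key, unencrypted because of -nodes: create it readable by the owner only.
    ( umask 077
      rm -f "$out/server.key"
      openssl pkcs12 -in "$p12" -nocerts -nodes -passin env:KS_PASS \
          -out "$out/server.key" ) || return 1

    # Confirm the extracted key belongs to the extracted certificate.
    [ "$(openssl x509 -in "$out/server.crt" -noout -pubkey)" = \
      "$(openssl pkey -in "$out/server.key" -pubout)" ] \
        || { echo "key does not match certificate" >&2; return 1; }
}

# Matching httpd directives (paths are placeholders):
#   SSLCertificateFile    /path/to/out/server.crt
#   SSLCertificateKeyFile /path/to/out/server.key
```

If the certificate was issued with intermediate CA certificates, they stay in the PKCS#12 file and are not written to server.crt by this function.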