{"id":34134,"date":"2016-05-02T20:25:42","date_gmt":"2016-05-02T14:55:42","guid":{"rendered":"http:\/\/www.tothenew.com\/blog\/?p=34134"},"modified":"2024-01-02T17:47:23","modified_gmt":"2024-01-02T12:17:23","slug":"convert-apache-x509-cert-ssl-certificate-to-tomcat-keystore","status":"publish","type":"post","link":"https:\/\/www.tothenew.com\/blog\/convert-apache-x509-cert-ssl-certificate-to-tomcat-keystore\/","title":{"rendered":"Convert Apache (x509 cert) SSL Certificate to Tomcat (Keystore)"},"content":{"rendered":"

When setting up SSL certificate for a website, we mainly use two types of SSL certificate one is x509 mostly used with applications support OpenSSL library and other is Keystore which is used with Java 1.6+ applications.<\/p>\n

\"Image<\/p>\n

Apache\/Nginx uses x509 pem\/crt files which is is very different than a Jetty\/Tomcat (Java 1.6+) system that uses keystores\u00a0and differences start right from generating a Certificate Signing Request (CSR). So, you could either generate separate CSR request for both and get different SSL certificate which obviously involve cost or you could use following steps to convert the working x509 certificate to the keystore.<\/p>\n

1. Get x509 certificates from Apache\/Nginx<\/h3>\n

You will need three certificates Private Key certificate used for generating\u00a0CSR, Signed Certificate \u00a0provided by signing authority and Intermediate or Root certificate\u00a0of signing authority.<\/p>\n

For Apache:<\/strong><\/p>\n

Check your site’s configuration for below settings:<\/p>\n

SSLCertificateFile \/etc\/apache2\/ssl\/star_livfame_com.crt\r\nSSLCertificateKeyFile \/etc\/apache2\/ssl\/star_livfame_com.key\r\nSSLCertificateChainFile \/etc\/apache2\/ssl\/intermediate.crt<\/pre>\n
For Nginx:<\/strong><\/p>\n
Check your site’s configuration for below settings:<\/p>\n
ssl_certificate \/etc\/nginx\/ssl\/star_livfame_com.crt;\r\nssl_trusted_certificate \/etc\/nginx\/ssl\/intermediate.crt;\r\nssl_certificate_key \/etc\/nginx\/ssl\/star_livfame_com.key;<\/pre>\n
2.\u00a0Copy the three files which can be found in the above to one location
\n(Ex. \/opt\/tomcat\/ssl).<\/h3>\n
3. Using below OpenSSL command generate\u00a0pkcs12 file:<\/h3>\n
cd \/opt\/tomcate\/ssl
\nopenssl pkcs12 -export -in star_livfame_com.crt -inkey star_livfame_com.key -certfile intermediate.crt -out star_livfame_com.p12<\/code><\/p>\n
Note:<\/strong>\u00a0You will be prompted for a password to secure the certificate, please enter the password and remember the password.<\/p>\n
4. Convert pkcs12 certificate to keystore:<\/h3>\n
You will now convert our star_livfame_com.p12\u00a0file to a keystore by performing the following command line in Tomcat using keytool:<\/p>\n
keytool -importkeystore -srckeystore star_livfame_com.p12\u00a0-srcstoretype PKCS12 -destkeystore star_livfame_com.jks<\/code><\/p>\n
Note:<\/strong>\u00a0It will ask for password of the pkscs12 that we generated earlier and a new password for the keystore, remember the password that you have given for keystore you will need it in configuration.<\/p>\n
That’s it !! <\/strong>Your\u00a0keystore\u00a0is generated and ready to be used at: \/opt\/tomcat\/ssl\/star_livfame_com.jks.<\/p>\n
5. Test the Keystore<\/h3>\n
You can test your keystore\u00a0if its generated properly with below command:<\/p>\n
$keytool -list -v -keystore\u00a0star_livfame_com.jks<\/code><\/p>\n
Enter keystore password:\r\n\r\nKeystore type: JKS\r\nKeystore provider: SUN\r\n\r\nYour keystore contains 1 entry\r\n\r\nAlias name: 1\r\nCreation date: 29 Apr, 2016\r\nEntry type: PrivateKeyEntry\r\nCertificate chain length: 2\r\nCertificate[1]:\r\nOwner: CN=*.livfame.com, OU=Media - Technology, O=Fame Digital Pvt. Ltd., L=Mumbai, ST=Maharashtra, C=IN\r\nIssuer: CN=thawte SSL CA - G2, O=\"thawte, Inc.\", C=US\r\n.....<\/pre>\n
Hope this blog helped you in converting Apache (x509 cert) SSL Certificate to Tomcat (Keystore). I will be continuing to post some more important related blogs.<\/p>\n","protected":false},"excerpt":{"rendered":"
When setting up SSL certificate for a website, we mainly use two types of SSL certificate one is x509 mostly used with applications support OpenSSL library and other is Keystore which is used with Java 1.6+ applications. Apache\/Nginx uses x509 pem\/crt files which is is very different than a Jetty\/Tomcat (Java 1.6+) system that uses […]<\/p>\n","protected":false},"author":747,"featured_media":0,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"iawp_total_views":47},"categories":[1174,1],"tags":[3308,4844,2540,3281,17,3280],"aioseo_notices":[],"_links":{"self":[{"href":"https:\/\/www.tothenew.com\/blog\/wp-json\/wp\/v2\/posts\/34134"}],"collection":[{"href":"https:\/\/www.tothenew.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.tothenew.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.tothenew.com\/blog\/wp-json\/wp\/v2\/users\/747"}],"replies":[{"embeddable":true,"href":"https:\/\/www.tothenew.com\/blog\/wp-json\/wp\/v2\/comments?post=34134"}],"version-history":[{"count":1,"href":"https:\/\/www.tothenew.com\/blog\/wp-json\/wp\/v2\/posts\/34134\/revisions"}],"predecessor-version":[{"id":59864,"href":"https:\/\/www.tothenew.com\/blog\/wp-json\/wp\/v2\/posts\/34134\/revisions\/59864"}],"wp:attachment":[{"href":"https:\/\/www.tothenew.com\/blog\/wp-json\/wp\/v2\/media?parent=34134"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.tothenew.com\/blog\/wp-json\/wp\/v2\/categories?post=34134"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.tothenew.com\/blog\/wp-json\/wp\/v2\/tags?post=34134"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}