I just spent a couple hours trying to figure out how to convert an OpenSSL Key/Certificate to one that can be used by Tomcat. It turned out to be way more complicated than I thought, and I had to piece together instructions from various web sites. Here’s how I did it:
Convert the Key to a PKCS12 Key. This will prompt you for a password which you will need when you change the Tomcat configuration.
openssl pkcs12 -export -in /etc/apache2/ssl.crt/somedomain.com.crt -out somedomain.com.pkcs12 -name "somedomain.com" -inkey /etc/apache2/ssl.key/somedomain.com.com.key
Verify that the pkcs12 file contains your key. You should be able to see your certificate’s common name, and various other parameters.
keytool -list -v -keystore somedomain.com.pkcs12 -storetype pkcs12
Now configure Tomcat by editing conf/server.xml and changing the SSL Connector to something like this:
<Connector port="8443" maxThreads="150" acceptCount="100" debug="0" scheme="https" secure="true" clientAuth="false" sslProtocol="TLS" keystoreType="PKCS12" keystoreFile="somedomain.com.pkcs12" keystorePass="yourKeystorePass" />
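The export and verification steps above with two checks added, as an example that is not the author's code: it confirms the key belongs to the certificate before exporting, keeps the keystore password off the command line, and writes the PKCS12 file readable by its owner only. The function names, the P12_PASS variable and the throwaway self-signed pair are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: function names and the P12_PASS variable are hypothetical.

# Constructed sample input: throwaway self-signed pair test.key/test.crt
# written to directory $1 for common name $2.
make_test_pair() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=$2" \
        -keyout "$1/test.key" -out "$1/test.crt" 2>/dev/null
}

# Succeeds only if the private key ($2) carries the same public key
# as the certificate ($1).
key_matches_cert() {
    cert_pub=$(openssl x509 -in "$1" -noout -pubkey) || return 2
    key_pub=$(openssl pkey -in "$2" -pubout) || return 2
    [ "$cert_pub" = "$key_pub" ]
}

# make_pkcs12 CERT KEY OUT ALIAS
# The keystore password is read from the exported variable P12_PASS,
# so it never appears on the openssl command line.
make_pkcs12() {
    if ! key_matches_cert "$1" "$2"; then
        echo "refusing to export: key does not match certificate" >&2
        return 1
    fi
    # The subshell keeps the restrictive umask local to the export;
    # the resulting keystore contains the private key.
    ( umask 077
      openssl pkcs12 -export -in "$1" -inkey "$2" -name "$4" \
          -out "$3" -passout env:P12_PASS )
}

# Prints the subject of the certificate stored in the PKCS12 file ($1).
p12_subject() {
    openssl pkcs12 -in "$1" -nokeys -passin env:P12_PASS 2>/dev/null |
        openssl x509 -noout -subject
}
```

Because keystorePass sits in clear text in conf/server.xml, that file needs the same owner-only permissions as the keystore.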
4 thoughts on “Convert an OpenSSL (Apache) SSL Certificate to a PKCS12 (Tomcat)”
keytool throws an error on my system.
keytool error (likely untranslated): java.io.IOException: Error in loading the keystore: Private key decryption error: (java.lang.SecurityException: Unsupported keysize or algorithm parameters)
Thx alot man,
u saved my day.
Thanks a lot this was very handy
Oh— thank you, sir! Made my day as well.