I am moving my site from a tomcat only instance to an apache httd/ apache tomcat setup. I'm trying to set up the ssl with mod_ssl on apache httpd. But I don't know how to convert my tomcat keystoreFile/keystorePass to the apache httpd SSLCertificateFile/SSLCertificateKeyFile format. I am pouring over the openssl man pages with no luck. I am running the site on Fedora 13. Any suggestions?
A:
Use the Java keytool -importkeystore utility to convert the "JKS" format key store file to a standard "PKCS #12" format. Then use OpenSSL to convert the PKCS #12 file to whatever format you require. You can see full details in this answer to a duplicate question.
erickson
2010-10-05 18:52:45
Thank you. I did not realize that was the format I was looking for. I also found this link a minute ago that helped also. http://www.zimbra.com/forums/administrators/9832-exporting-private-key-keystore-use-postfix-apache.html
Dustin
2010-10-06 00:17:14
Yes, that article that you linked to provides code that's a lot like what [I gave in *my* answer to the duplicate question.](http://stackoverflow.com/questions/652916/converting-a-java-keystore-into-pem-format/653083#653083) Before Java 6, you couldn't convert key store formats, and had to write your own code (or download a library like your article shows). Now, it's a built-in function of `keytool`.
erickson
2010-10-06 15:41:27