JBY Technologies

Converting PKCS#7 Certificates To Tomcat Format

Sometimes one needs to use the same certificate with multiple web servers, for example with Apache httpd and Tomcat serving the same website. To convert a PKCS#7 certificate for use with Apache and Tomcat, import it into the keystore with keytool:

keytool -import -trustcacerts -alias host.example.com -file host.example.com.crt -keystore host.example.com.key

Make sure the host entry in server.xml is the correct name and restart Tomcat.

Convert a copy to PEM for Apache:

keytool -keystore host.example.com.key -exportcert -alias host.example.com | openssl x509 -inform der -text

keytool -importkeystore -srckeystore host.example.com.key -destkeystore host.example.com.p12 -srcstoretype jks -deststoretype pkcs12

openssl pkcs12 -in host.example.com.p12 -out host.example.com.pem

Remove PEM password:

openssl rsa -in host.example.com.pem -out new.host.example.com.pem

View the key (openssl rsa -text prints the private key, not the certificate):

openssl rsa -text -in new.host.example.com.pem

Either change the Apache SSL virtual host to use the new file name, or replace host.example.com.pem with new.host.example.com.pem in the Apache SSL config directory.
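
The openssl half of this procedure with two checks worth running before Apache is pointed at the new file, as an added example that is not part of the original page: the passwordless key must belong to the certificate, and the key file must be readable by its owner only. The function names, the P12_PASS variable and the throwaway self-signed certificate are assumptions constructed for the demonstration.

```shell
#!/bin/sh
# Added example (not from the original page): run the page's openssl steps
# non-interactively, then verify the result before Apache uses it.
# Function names and the P12_PASS variable are assumptions of this sketch.
umask 077   # files created below are readable by the owner only

# PKCS#12 -> combined PEM -> passwordless key. $1=in.p12 $2=combined.pem $3=key.pem
# The password is read from $P12_PASS so it never shows up in the process list.
p12_to_pem() {
    openssl pkcs12 -in "$1" -passin env:P12_PASS -passout env:P12_PASS -out "$2" &&
    openssl rsa -in "$2" -passin env:P12_PASS -out "$3" 2>/dev/null
}

# Succeeds only if the private key in $2 belongs to the certificate in $1.
# Public keys are compared as PEM text; an unreadable file never counts as a match.
key_matches_cert() {
    cert_pub=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) || return 1
    key_pub=$(openssl pkey -in "$2" -passin pass: -pubout 2>/dev/null) || return 1
    [ -n "$cert_pub" ] && [ "$cert_pub" = "$key_pub" ]
}

# Succeeds only if $1 has no group/other permission bits set.
key_is_private() {
    [ "$(ls -ld "$1" | cut -c5-10)" = "------" ]
}

# Constructed test material: a throwaway self-signed certificate in $1/host.p12.
make_constructed_p12() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=host.example.com" \
        -keyout "$1/k.pem" -out "$1/c.pem" 2>/dev/null &&
    openssl pkcs12 -export -inkey "$1/k.pem" -in "$1/c.pem" -name host.example.com \
        -passout env:P12_PASS -out "$1/host.p12"
}

# Demo on the constructed material; prints one line per passed check.
demo() {
    d=$(mktemp -d) || return 1
    P12_PASS=constructed-password; export P12_PASS
    make_constructed_p12 "$d" &&
    p12_to_pem "$d/host.p12" "$d/host.pem" "$d/new.host.pem" &&
    key_matches_cert "$d/host.pem" "$d/new.host.pem" && echo "key matches certificate" &&
    key_is_private "$d/new.host.pem" && echo "key file is owner-only"
    rc=$?; rm -rf "$d"; return $rc
}
demo
```
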
