Sometimes one needs to use the same certificate with multiple web servers, for example with Apache httpd and Tomcat serving the same website. To convert a pkcs#7 certificate for use with Apache and Tomcat...
keytool -import -trustcacerts -alias host.example.com -file host.example.com.crt -keystore host.example.com.key
Make sure the host entry in server.xml is the correct name and restart tomcat.
Convert a copy to PEM for Apache:
keytool -keystore host.example.com.key -exportcert -alias host.example.com | openssl x509 -inform der -text
keytool -importkeystore -srckeystore host.example.com.key -destkeystore host.example.com.p12 -srcstoretype jks -dests
toretype pkcs12
openssl pkcs12 -in host.example.com.p12 -out host-example.com.pem
Remove PEM password:
openssl rsa -in host.example.com.pem -out new.host.example.com.pem
View the certificate:
openssl rsa -text -in new.host.example.com.pem
Either change the Apache ssl virtual host to use the new file name, or replace host.example.com.pem with new.host.example.com.pem in the Apache ssl config directory.
