Solution ID : SO17995

Last Modified : 05/02/2018

How to move an SSL certificate from Tomcat to Apache

Problem

How to move an SSL certificate from Tomcat to Apache

Solution

To move a certificate from Tomcat to Apache, do the following:

  1. Run the command below:

keytool -importkeystore -srckeystore [originalkeystore] -destkeystore [new_keystore_mystore.p12] -deststoretype PKCS12 -srcstorepass [keystore_password] -deststorepass [new_password] -srcalias [original_alias] -destalias [new_alias] -srckeypass [original_alias_password] -destkeypass [new_password] -noprompt

  2. The output of this command is the [new_keystore_mystore.p12] file.

  3. Use OpenSSL to extract the private key:

openssl.exe pkcs12 -in new_keystore_mystore.p12 -nocerts -out privatekey.pem

  4. Use OpenSSL to extract the certificate:

openssl.exe pkcs12 -in new_keystore_mystore.p12 -clcerts -nokeys -out publicCert.pem

Step 2: Import files into the Apache server:

      1. Download the RapidSSL Intermediate CA certificate

      2. Using a plain text editor, save the Intermediate CA certificate as intermediate.pem, to the appropriate folder.

For example: /etc/apache2/ssl.crt/intermediate.crt
 
The text file should look like the example below:

-----BEGIN CERTIFICATE-----
[encoded data]
-----END CERTIFICATE-----

Make sure there are 5 dashes on either side of BEGIN CERTIFICATE and END CERTIFICATE, and that no white space, extra line breaks or additional characters have been added.
 
      3. Open the httpd.conf file using a plain text editor and update the directives so they point to the location where the 3 files were saved:

Make sure the Virtual host looks similar to the example below:

<VirtualHost x.x.x.x:443>
ServerAdmin webmaster@Your_domain_name.com
ServerName www.Your_domain_name.com
 ...
SSLCertificateFile /Path to the file.../publicCert.pem
SSLCertificateKeyFile /Path to the file.../privatekey.pem
SSLCACertificateFile /Path to the file.../intermediate.pem
</VirtualHost>

Note: Depending on the version of Apache, the directive SSLCACertificateFile may be SSLCertificateChainFile

      4. Restart Apache
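
Before the restart in step 4, the three files can be checked against each other. The script below is an added example, not part of the original solution; it assumes a POSIX shell with the openssl command on the PATH (OpenSSL 1.0.2 or later for -partial_chain), and its function names are hypothetical.

```shell
#!/bin/sh
# Added example, not part of the original article. Function names are
# hypothetical; the file names are the ones used in the steps above.

# Succeeds only if the private key and the certificate hold the same public key.
key_matches_cert() {
    # openssl asks for the PEM pass phrase if the key file is encrypted
    key_pub=$(openssl pkey -in "$1" -pubout) || return 2
    cert_pub=$(openssl x509 -in "$2" -noout -pubkey) || return 2
    [ -n "$key_pub" ] && [ "$key_pub" = "$cert_pub" ]
}

# Succeeds only if the file parses as a PEM certificate (catches damaged
# BEGIN/END lines or stray characters added while saving the file).
pem_cert_ok() {
    openssl x509 -in "$1" -noout 2>/dev/null
}

# Succeeds only if certificate $2 verifies against issuer file $1.
# -partial_chain lets the intermediate act as trust anchor, so the root CA
# is not needed. The "OK" line is matched instead of the exit status.
issued_by() {
    openssl verify -partial_chain -CAfile "$1" "$2" 2>/dev/null | grep -q ': OK$'
}

# Usage: sh check_files.sh privatekey.pem publicCert.pem intermediate.pem
if [ "$#" -eq 3 ]; then
    pem_cert_ok "$3" || { echo "FAIL: $3 is not a readable certificate"; exit 1; }
    key_matches_cert "$1" "$2" || { echo "FAIL: $1 does not match $2"; exit 1; }
    issued_by "$3" "$2" || { echo "FAIL: $2 does not verify against $3"; exit 1; }
    echo "OK: key, certificate and intermediate are consistent"
fi
```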

The latest version of the JDK can be downloaded here

For more information concerning OpenSSL please visit: www.openssl.org