Ask a Question

How to move an SSL certificate from Tomcat to Apache


How to move an SSL certificate from Tomcat to Apache


To move a certificate from Tomcat to Apache, do the following:

  1. Run a command below:

keytool -importkeystore -srckeystore [originalkeystore] -destkeystore [new_keystore_mystore.p12] -deststoretype PKCS12 -srcstorepass [keystore_password] -deststorepass [new_password] -srcalias [original_alias] -destalias [new_alias] -srckeypass [original_alias_password] -destkeypass [new_password] -noprompt


  1. Output of the file is the [new_keystore_mystore.p12] file
  2. Use Openssl to extract the private key:

openssl.exe pkcs12 -in new_keystore_mystore.p12 -nocerts -out privatekey.pem


  1. Use Openssl to extract the certificate:

openssl.exe pkcs12 -in new_keystore_mystore.p12 -clcerts -nokeys -out publicCert.pem


Step 2: Import files into the Apache server:

      1. Download the RapidSSL Intermediate CA certificate

      2. Using a plain text editor, save the Intermediate CA certificate as intermediate.pem, to the appropriate folder.

For example: /etc/apache2/ssl.crt/intermediate.crt
The text file should look like the example below:

[encoded data]

Make sure there are 5 dashes to either side of the BEGIN CERTIFICATE and END CERTIFICATE and that no white space, extra line breaks or additional characters have been added.
      3. Open the httpd.conf file using a plain text editor and update the directives so they point to the location where the 3 files were saved:

Make sure the Virtual host looks similar to the example below:

<VirtualHost x.x.x.x:443>
SSLCertificateFile /Path to the file.../publicCert.pem
SSLCertificateKeyFile /Path to the file.../privatekey.pem
SSLCACertificateFile /Path to the file.../intermediate.pem

Note: Depending on the version of Apache, the directive SSLCACertificateFile may be SSLCertificateChainFile

      4. Restart Apache

The latest version of the JDK can be downloaded here

For more information concerning OpenSSL please visit: