Solution ID : SO17996

Last Modified : 05/02/2018

How to move an SSL certificate from Tomcat to Apache


Note: Keytool and OpenSSL are third-party tools that are not supported by Symantec.

Step 1: Use keytool to convert the keystore to a p12 file

  1. Run the following keytool command to create a p12 file:
     keytool -importkeystore -srckeystore [MY_KEYSTORE.jks] -destkeystore [new_keystore_mystore.p12] -srcstoretype JKS -deststoretype PKCS12 -deststorepass [PASSWORD_PKCS12]
  2. The output file is [new_keystore_mystore.p12]
  3. Use OpenSSL to extract the private key:
     openssl.exe pkcs12 -in new_keystore_mystore.p12 -nocerts -out privatekey.pem
  4. Use OpenSSL to extract the certificate:
     openssl.exe pkcs12 -in new_keystore_mystore.p12 -clcerts -nokeys -out publicCert.pem

Save the two files (privatekey.pem and publicCert.pem) to the Apache server.

Step 2: Import files into the Apache server:

      1. Download the Symantec Intermediate CA certificate.

      2. Using a plain text editor, save the Intermediate CA certificate as intermediate.pem in the appropriate folder.

For example: /etc/apache2/ssl.crt/intermediate.crt
The text file should look like the example below:

-----BEGIN CERTIFICATE-----
[encoded data]
-----END CERTIFICATE-----

Make sure there are 5 dashes on either side of both BEGIN CERTIFICATE and END CERTIFICATE, and that no white space, extra line breaks or additional characters have been added.
      3. Open the httpd.conf file using a plain text editor and update the directives so they point to the location where the 3 files were saved:

Make sure the Virtual host looks similar to the example below:

<VirtualHost x.x.x.x:443>
SSLCertificateFile /Path to the file.../publicCert.pem
SSLCertificateKeyFile /Path to the file.../privatekey.pem
SSLCACertificateFile /Path to the file.../intermediate.pem
</VirtualHost>

Note: Depending on the version of Apache, the directive SSLCACertificateFile may be SSLCertificateChainFile.

      4. Restart Apache
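
The checks below are an added example, not part of the original article: run before restarting Apache, they confirm that privatekey.pem matches publicCert.pem, that the key file is not accessible to group or other, and that publicCert.pem verifies against intermediate.pem. The function names are hypothetical; the file names are the ones used above.

```shell
#!/bin/sh
# Added example: checks for the three files from Steps 1 and 2.
# Function names are hypothetical; file names are the ones used on this page.

# Succeeds when the private key and the certificate hold the same public key.
# If the key is pass-phrase protected, openssl prompts for the pass phrase.
key_matches_cert() {   # key_matches_cert privatekey.pem publicCert.pem
    key_pub=$(openssl pkey -in "$1" -pubout) || return 2
    cert_pub=$(openssl x509 -in "$2" -noout -pubkey) || return 2
    [ -n "$key_pub" ] && [ "$key_pub" = "$cert_pub" ]
}

# Succeeds when group and other have no access to the key file (e.g. mode 600 or 400).
key_is_private() {     # key_is_private privatekey.pem
    perms=$(ls -ld "$1" | cut -c5-10)
    [ "$perms" = "------" ]
}

# Succeeds when the certificate's signature verifies against the intermediate.
# -partial_chain lets the intermediate act as trust anchor without the root.
cert_chains_to() {     # cert_chains_to intermediate.pem publicCert.pem
    openssl verify -partial_chain -CAfile "$1" "$2" 2>/dev/null | grep -q ': OK$'
}

# Runs all three checks and reports each failure; returns non-zero if any failed.
check_migrated_files() {   # check_migrated_files KEY CERT INTERMEDIATE
    rc=0
    key_matches_cert "$1" "$2" || { echo "FAIL: $1 does not match $2"; rc=1; }
    key_is_private "$1" || { echo "FAIL: $1 is accessible to group or other"; rc=1; }
    cert_chains_to "$3" "$2" || { echo "FAIL: $2 does not verify against $3"; rc=1; }
    return "$rc"
}

# Run the checks only when the script is given the three file names.
if [ "$#" -eq 3 ]; then
    check_migrated_files "$1" "$2" "$3"
fi
```

Saved under a name of your choice, the script takes the key, certificate and intermediate file names in that order; if the permission check fails, restrict the key file to its owner (for example with chmod 600) before restarting.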

