把tomcat(keystore)的SSL证书转换成apache格式

首先这是参考的原文:

http://www.zimbra.com/forums/administrators/9832-exporting-private-key-keystore-use-postfix-apache.html

需求:我们申请了一个网站证书,申请的时候是tomcat格式,现在需要转换成apache的格式。tomcat用的是keystore的格式(keytool)生成,apache是用的private key+crt格式。

1. 首先下载ExportPrivateKey.zip,这个在http://www.anandsekar.com/wp-content/uploads/2006/01/ExportPrivateKey.zip,或者team的目录里也有下载好的
2. 使用下载的文件导出private key:
java -jar ExportPrivateKey.zip {keystore_path} JKS {keystore_password} {alias} exported-pkcs8.key
3. 使用openssl把pkcs #8的格式转换成apache需要的格式:
openssl pkcs8 -inform PEM -nocrypt -in exported-pkcs8.key -out exported.key
4. 使用这个exported.key和返回来的证书,就可以让apache使用了

One thought on “把tomcat(keystore)的SSL证书转换成apache格式

  1. trymb.com

    When securing a website with SSL it’s important to make sure that all assets that the site uses are served over SSL, so that an attacker can’t bypass the security by injecting malicious content in a javascript file or similar.

    Reply

Leave a Reply

Your email address will not be published. Required fields are marked *