How can i migrate SSL from Tomcat to Apache HTTPD?
I am migrating my single server tomcat to a cluster, load balanced and cached by Apache HTTPD (reverse proxy with mod_proxy). Is it possible to convert the certificate and keys to the apache format or i have to re-is开发者_开发百科sue the whole thing?
It's quite easy to extract the certificates directly with keytool
, it's a bit trickier to extract the private key (although you could write programs to do so). I'd suggest using a combination of keytool
and openssl
.
If your keystore is in PKCS#12 format (.p12 file), skip this step. Convert your JKS store into a PKCS12 store using keytool
(need version from Java 6+)
keytool -importkeystore -srckeystore thekeystore.jks \
-srcstoretype JKS \
-destkeystore thekeystore.p12 \
-deststoretype PKCS12
Then, extract the certificate using openssl:
openssl pkcs12 -in thekeystore.p12 -clcerts -nokeys -out servercert.pem
Extract the private key:
umask 0077
openssl pkcs12 -in thekeystore.p12 -nocerts -nodes -out serverkey.pem
umask 0022
Note that, because the -nodes
option is used when extracting the private key, the private key file won't be protected (as it mustn't have a password to be usable by Apache Httpd), so make sure no one else can read it.
Then, configure Apache Httpd using SSLCertificateFile
and SSLCertificateKeyFile
to point to the certificate file and the private key file, respectively.
精彩评论