![]() ![]() The Java keystore format won’t work with Apache, however, so I needed a way to export the certificate and private key from the Java keystore we used for Tomcat and import it to a new PEM file so I can use it with Apache. So I started playing with Apache, mod_xsendfile, and mod_proxy and finally got things working. But with this new project it just seems to make sense to put an Apache web server in front of Tomcat and use the mod_xsendfile module to serve the files, which will also allow us to control which users can access which files. Our web application currently runs on Tomcat alone as we don’t have many users (internal users only) and most of the content is dynamic. ("-BEGIN PRIVATE KEY-") įor (int c = 0 c < b64b.I’m currently working on a new project where I need to write a service to serve static files to users. I had to insert line breaks after 64 chars in ExportPriv.java for it to work in nginx:Ĭhar b64 = Base64Coder.encode(privKey.getEncoded()) I'm not sure why this is required (or why Apache can't decode the base64-encoded version of the private key created by Java), but it fixed the problem I was seeing. ![]() Openssl rsa -in privkey-java.key -out privkey.key In summary, I had to re-encode the Java-base64-encoded private key using openssl to make it palatable to Apache: However, I ran into one problem with Apache 2 when using the Java-base64-encoded private key. IMPORTANT NOTE: Fix for problem below committed as of r10 (). It's helped me a great deal to set up client authentication via SSL between Apache 2 and Tomcat 5. Thanks for your "OpenSSL to Keytool Conversion tips" web page. Openssl pkcs12 -export -out exported.pfx -inkey exported.key -in exported-pem.crt this should do the trick for using with IIS, for example. ![]() Once you have the private key and public key (certificate) combo that go together you can package them in pkcs12-formatted file. ![]() KeyStoreBuilder (part of Not-Yet-Commons-SSL) converts PKCS12 and PKCS8 to/from Java "Keystore".Ĭombine extracted public/private keys into PKCS#12 formatĪ PKCS12 format file is typically suffixed with. The result can be used directly to configure HTTPS with APR in tomcat. Portecle is a free java application that can be used to export the private key (in RSA format) and a certificate into one file in PEM or PKCS12 format. There is a freeware tool called KeyTool-IUI that will do it as well. However this feature is not present in the evaluation version. It exports the key pair to pkcs12 format. The details of how to compile and use it are explained on the wiki pages.Īnother way to extract the key is to purchase Keystore Explorer, which claims to support exporting private keys and key-pairs. This little Java utility is now a hosted project on Google Code at Key (sometimes called a "key-pair") can be combined into a PKCS12 file, or just left separate depending on your needs.īesides the obvious OpenSSL and Keytool, listed below are some tools that can be used to convert from the keystore format to the PEM/DER formats used by openssl. With the keytool program youĬan only extract the certificate (public key), so a separate tool is needed (such as ' ExportPriv' or ' Keystore Explorer') to export the private key. Need to extract the certificate and private key. You may find yourself in a situation where you have a JKS-format keystore, and ![]()
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |