Convert wso2carbon.jks into PEM format, extract certificate and private key

Posted: June 14, 2014 in Uncategorized
Tags: , , , , , ,
Extract private key and certificate.
keytool -importkeystore -srckeystore wso2carbon.jks -destkeystore wso2.p12 -srcstoretype jks  -deststoretype pkcs12 -alias wso2carbon
openssl pkcs12 -in wso2.p12 -out wso2.pem
Extract only the certificate.
openssl pkcs12 -in wso2.p12 -out wso2.pem
Extract the private key.
openssl pkcs12 -in wso2.p12 -nocerts -out wso2.key
Remove pass phrase from the private key.

Private key is encrypted with a passphrase to enforce security. However if you use this private key to configure SSL for a server (Apache or nginx) you will have to provide this passphrase everytime you start/restart the server. This is kind of a burden. So let’s remove the passphrase from the private key.

openssl rsa -in wso2.key -out wso2.key

Now above private key and certificate can be used to configure SSL in Apache and Nginx

Nginx SSL configuration

server{

 listen 443 ssl;
 server_name wso2.as.com;

 ssl_certificate /etc/nginx/ssl/wso2.crt;
 ssl_certificate_key /etc/nginx/ssl/wso2.key;
}

Apache2 SSL configuration

SSLCertificateFile /path/to/wso2.crt
SSLCertificateKeyFile /path/to/wso2.pem

References:

http://stackoverflow.com/questions/652916/converting-a-java-keystore-into-pem-format
http://www.networking4all.com/en/support/ssl+certificates/manuals/microsoft/all+windows+servers/export+private+key+or+certificate/
https://www.digitalocean.com/community/tutorials/how-to-create-a-ssl-certificate-on-nginx-for-ubuntu-14-04

Advertisements
Comments

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s