Convert wso2carbon.jks into PEM format, extract certificate and private key

Posted: June 14, 2014 in Uncategorized
Tags: , , , , , ,
Extract private key and certificate.
keytool -importkeystore -srckeystore wso2carbon.jks -destkeystore wso2.p12 -srcstoretype jks  -deststoretype pkcs12 -alias wso2carbon
openssl pkcs12 -in wso2.p12 -out wso2.pem
Extract only the certificate.
openssl pkcs12 -in wso2.p12 -out wso2.pem
Extract the private key.
openssl pkcs12 -in wso2.p12 -nocerts -out wso2.key
Remove pass phrase from the private key.

Private key is encrypted with a passphrase to enforce security. However if you use this private key to configure SSL for a server (Apache or nginx) you will have to provide this passphrase everytime you start/restart the server. This is kind of a burden. So let’s remove the passphrase from the private key.

openssl rsa -in wso2.key -out wso2.key

Now above private key and certificate can be used to configure SSL in Apache and Nginx

Nginx SSL configuration


 listen 443 ssl;

 ssl_certificate /etc/nginx/ssl/wso2.crt;
 ssl_certificate_key /etc/nginx/ssl/wso2.key;

Apache2 SSL configuration

SSLCertificateFile /path/to/wso2.crt
SSLCertificateKeyFile /path/to/wso2.pem



Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s