

Use this Java program to export the private key:
DumpPrivateKey.java
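import java.io.FileInputStream;
import java.io.InputStream;
import java.security.Key;
import java.security.KeyStore;

public class DumpPrivateKey {
        public static void main(String[] args) {
                char[] password = "password".toCharArray();
                // Close the keystore stream once it has been read.
                try (InputStream in = new FileInputStream("keystore")) {
                        KeyStore ks = KeyStore.getInstance("jks");
                        ks.load(in, password);
                        Key key = ks.getKey("youralias", password);
                        if (key == null) {
                                throw new IllegalStateException("no key under alias youralias");
                        }
                        // The raw encoded key (PKCS#8 DER for a private key) goes to stdout.
                        System.out.write(key.getEncoded());
                        System.out.flush();
                } catch (Exception e) {
                        e.printStackTrace();
                        // Exit non-zero so a calling script does not continue with an empty key file.
                        System.exit(1);
                }
        }
}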


Then use this shell script to add back the PEM header and footer and build the PKCS#12 file:
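#!/bin/sh
# Stop on the first failed command; create all files readable by the owner only.
set -e
umask 077
ALIAS=youralias
KEYSTORE=keystore   # the same keystore file that DumpPrivateKey reads
PKEY_8=privatekey.pkcs8
PKEY_64=privatekey.b64
CERT_64=certificate.b64
CERT_12=certificate.p12
# Remove the unencrypted key material even if a later step fails.
trap 'rm -f "${PKEY_8}" "${PKEY_64}" "${CERT_64}"' EXIT
keytool -keystore "${KEYSTORE}" -alias "${ALIAS}" -export -rfc >"${CERT_64}"
java DumpPrivateKey >"${PKEY_8}"
(echo "-----BEGIN PRIVATE KEY-----" ;
 openssl enc -in "${PKEY_8}" -a;
 echo "-----END PRIVATE KEY-----") >"${PKEY_64}"
openssl pkcs12 -inkey "${PKEY_64}" -in "${CERT_64}" -out "${CERT_12}" -export
echo "${CERT_12}"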



Configure the Tomcat SSL connector
It would be easier to stick with X.509 certificates and RSA keys, which are compatible with OpenSSL and Apache.
<!-- Define a SSL Coyote HTTP/1.1 Connector on port 8443 -->
<!--
<Connector 
	       port="8443" minSpareThreads="5" maxSpareThreads="75"
	       enableLookups="true" disableUploadTimeout="true" 
	       acceptCount="100"  maxThreads="200"
	       scheme="https" secure="true" SSLEnabled="true"
	       SSLCertificateFile="/usr/local/ssl/server.crt" 
	       SSLCertificateKeyFile="/usr/local/ssl/server.pem"
	       clientAuth="false" sslProtocol="TLS"/>
-->
