Formatting code for JavaPrivateKeyExport



{{parent page="Tomcat"}}

==Use this java program to export the private key==
%%(java;DumpPrivateKey.java)
import java.io.FileInputStream;
import java.security.KeyStore;
import java.security.Key;

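/**
 * Writes the encoded private key stored under one alias of a JKS keystore to standard output.
 *
 * <p>The bytes written are exactly what {@link Key#getEncoded()} returns: no PEM header or
 * footer and no Base64 armour. The companion shell script on this page redirects the output
 * to a file and treats it as PKCS#8.
 *
 * <p>The keystore path, alias and password are the placeholder values from the original
 * listing. Replace them before use, and do not keep a real keystore password in source
 * code or in a compiled class file left on disk.
 *
 * <p>The output is unencrypted private key material. Redirect it only to a file with
 * restrictive permissions and remove that file as soon as it is no longer needed.
 *
 * <p>The process exits with status 1 when the key cannot be exported, so that a calling
 * script can stop instead of continuing with an empty or truncated key file.
 */
public class DumpPrivateKey {
    /** Keystore file, resolved against the current working directory (placeholder). */
    private static final String KEYSTORE_PATH = "keystore";

    /** Alias of the key entry to export (placeholder). */
    private static final String KEY_ALIAS = "youralias";

    /** Password used both for the keystore and for the key entry (placeholder). */
    private static final String PASSWORD = "password";

    /**
     * Loads the keystore, looks up the key entry and writes its encoded form to stdout.
     *
     * @param args ignored
     */
    public static void main(String[] args) {
        try {
            KeyStore ks = KeyStore.getInstance("jks");
            // Close the keystore stream even if load() throws.
            try (FileInputStream in = new FileInputStream(KEYSTORE_PATH)) {
                ks.load(in, PASSWORD.toCharArray());
            }

            Key key = ks.getKey(KEY_ALIAS, PASSWORD.toCharArray());
            if (key == null) {
                // getKey returns null when the alias is missing or is not a key entry.
                System.err.println("No key entry found for alias '" + KEY_ALIAS + "'");
                System.exit(1);
            }

            byte[] encoded = key.getEncoded();
            if (encoded == null) {
                // Some keys (for example ones held by a hardware provider) cannot be encoded.
                System.err.println("Key for alias '" + KEY_ALIAS + "' does not support encoding");
                System.exit(1);
            }

            System.out.write(encoded);
            // checkError() flushes and reports a failed write, which would otherwise
            // leave a silently truncated key file behind.
            if (System.out.checkError()) {
                System.err.println("Failed to write the encoded key to standard output");
                System.exit(1);
            }
        } catch (Exception e) {
            e.printStackTrace();
            System.exit(1);
        }
    }
}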
%%

==Then use this shell script to add back the headers and footers==
%%(bash)
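#!/bin/sh
# Builds a PKCS#12 bundle (certificate + private key) from a Java keystore entry.
#
# Steps: export the certificate with keytool, dump the raw private key with
# DumpPrivateKey, wrap the key in PEM armour, then combine both with openssl pkcs12.
# The name of the resulting bundle is printed on the last line.
#
# NOTE(review): keytool is given no -keystore option, so it reads its default
# keystore (the .keystore file in the user's home directory), while DumpPrivateKey
# opens ./keystore. Confirm that both refer to the same store.

# Stop at the first failing command instead of building a bundle from partial files.
set -e

# The intermediate files and the bundle hold unencrypted or password-protected key
# material; create them readable by the current user only.
umask 077

ALIAS=youralias
PKEY_8=privatekey.pkcs8
PKEY_64=privatekey.b64
CERT_64=certificate.b64
CERT_12=certificate.p12

# Remove the intermediate files on every exit path, including failures.
# rm only unlinks the files; it does not overwrite their contents on disk.
trap 'rm -f "${PKEY_8}" "${PKEY_64}" "${CERT_64}"' EXIT

keytool -alias "${ALIAS}" -export -rfc >"${CERT_64}"

java DumpPrivateKey >"${PKEY_8}"
# Guard against an exporter that printed an error but still exited successfully.
if [ ! -s "${PKEY_8}" ]; then
  echo "DumpPrivateKey produced no key data" >&2
  exit 1
fi

# Add back the PEM header and footer around the Base64-encoded key.
{
  echo "-----BEGIN PRIVATE KEY-----"
  openssl enc -in "${PKEY_8}" -a
  echo "-----END PRIVATE KEY-----"
} >"${PKEY_64}"

openssl pkcs12 -inkey "${PKEY_64}" -in "${CERT_64}" -out "${CERT_12}" -export
echo "${CERT_12}"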


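==Configure the Tomcat SSL connector==
It would be easier to stick with X.509 certificates and RSA keys, which are compatible with OpenSSL and Apache. The connector below reads the certificate and private key from the files named in SSLCertificateFile and SSLCertificateKeyFile instead of from a Java keystore, so the key file should be readable only by the account that runs Tomcat.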
%%
<!-- Define an SSL Coyote HTTP/1.1 Connector on port 8443 -->
<!--
<Connector
port="8443" minSpareThreads="5" maxSpareThreads="75"
enableLookups="true" disableUploadTimeout="true"
acceptCount="100" maxThreads="200"
scheme="https" secure="true" SSLEnabled="true"
SSLCertificateFile="/usr/local/ssl/server.crt"
SSLCertificateKeyFile="/usr/local/ssl/server.pem"
clientAuth="false" sslProtocol="TLS"/>
-->
%%