How can i migrate SSL from Tomcat to Apache HTTPD?

后端 未结 1 1611
说谎
说谎 2021-02-09 04:27

I am migrating my single server tomcat to a cluster, load balanced and cached by Apache HTTPD (reverse proxy with mod_proxy). Is it possible to convert the certificate and keys

1条回答
  •  天涯浪人
    2021-02-09 05:09

    It's quite easy to extract the certificates directly with keytool, it's a bit trickier to extract the private key (although you could write programs to do so). I'd suggest using a combination of keytool and openssl.

    If your keystore is in PKCS#12 format (.p12 file), skip this step. Convert your JKS store into a PKCS12 store using keytool (need version from Java 6+)

    keytool -importkeystore -srckeystore thekeystore.jks \
                            -srcstoretype JKS \
                            -destkeystore thekeystore.p12 \
                            -deststoretype PKCS12
    

    Then, extract the certificate using openssl:

    openssl pkcs12 -in thekeystore.p12 -clcerts -nokeys -out servercert.pem
    

    Extract the private key:

    umask 0077
    openssl pkcs12 -in thekeystore.p12 -nocerts -nodes -out serverkey.pem
    umask 0022
    

    Note that, because the -nodes option is used when extracting the private key, the private key file won't be protected (as it mustn't have a password to be usable by Apache Httpd), so make sure no one else can read it.

    Then, configure Apache Httpd using SSLCertificateFile and SSLCertificateKeyFile to point to the certificate file and the private key file, respectively.

    0 讨论(0)
提交回复
热议问题