Home / server / Questions / 185506
Accepted
flooble
Asked: 2010-09-29 10:05:10 +0800 CST

Tomcat - Exporting Private Key?

  • 772

So I've an appliance that uses SSL certs for different functions.

I generated a CSE using keytool using these commands:

keytool -genkey -alias tomcat -keyalg RSA -keystore /opt/msw/data/keystore -storepass changeit

keytool -certreq -alias tomcat -keyalg RSA -keystore /opt/msw/data/keystore -storepass changeit -file /root/certreq.csr

Which generated the CSR that I used to download the cert, then I installed it using

"keytool -import -alias tomcat -trustcacerts -keystore /opt/msw/data/keystore -storepass changeit -file /root/server.cert"

So far, so good.

However, one component that uses SSL requires both the certificate and the private key, which of course I don't have - and I don't see an obvious way using keytool to export the private key from Tomcat, is there one please?

tomcat apache-2.2 ssl-certificate

1 Answers

  1. Best Answer

    Believe it or not, this functionality is not supported in keytool. The best solution I have found so far is the software and instructions available for download on this Web site.

    I usually generate the key using openssl and then use this method to import the key, as that is not supported by keytool either.

    To generate a 2048 bit key:

    openssl genrsa -out host.domain.com.key 2048

    To create a keystore from this key:

    KEY=host.domain.com
openssl pkcs8 -topk8 -nocrypt -in $KEY.key -inform PEM -out key.der -outform DER
openssl x509 -in $KEY.crt -inform PEM -out cert.der -outform DER
wget http://www.agentbob.info/agentbob/81/version/default/part/AttachmentData/data/ImportKey.class
java ImportKey key.der cert.der
    • 3