Upgrading from keystore/keytool to Tomcat Native APR with OpenSSL

Today I had to upgrade a Tomcat server that used a keystore file for SSL to a native Tomcat 6 with APR and OpenSSL. I thought this was easy until I realized I didn’t have the original private key anymore from when the certificate was created. The steps we took with Keytool to generate the original certificate request do not save the private key as a separate file. After some digging around I found this nice Java app called Portecle that does the trick: it opens your keystore and allows you to export the private key. It even lets you remove the encryption/password. After that it was easy: saving the private key and issued certificate in a separate folder, changing the server.xml to this:
<Connector port="443" maxHttpHeaderSize="8192"
maxThreads="150"
enableLookups="false" disableUploadTimeout="true"
acceptCount="100" scheme="https" secure="true"
SSLEnabled="true"
SSLCertificateFile="/ssl/wildcard.crt"
SSLCertificateKeyFile="/ssl/private.key"
/>
and voila:
Feb 9, 2010 4:04:27 PM org.apache.catalina.core.AprLifecycleListener init
INFO: Loaded APR based Apache Tomcat Native library 1.1.19.
Feb 9, 2010 4:04:27 PM org.apache.catalina.core.AprLifecycleListener init
INFO: APR capabilities: IPv6 [true], sendfile [true], accept filters [false], random [true].
Feb 9, 2010 4:04:27 PM org.apache.coyote.http11.Http11AprProtocol init
INFO: Initializing Coyote HTTP/1.1 on http-80
Feb 9, 2010 4:04:27 PM org.apache.coyote.http11.Http11AprProtocol init
INFO: Initializing Coyote HTTP/1.1 on http-443
Feb 9, 2010 4:04:27 PM org.apache.coyote.ajp.AjpAprProtocol init
INFO: Initializing Coyote AJP/1.3 on ajp-8009
Feb 9, 2010 4:04:27 PM org.apache.catalina.startup.Catalina load
INFO: Initialization processed in 525 ms
Feb 9, 2010 4:04:27 PM org.apache.catalina.core.StandardService start
INFO: Starting service Catalina
Feb 9, 2010 4:04:27 PM org.apache.catalina.core.StandardEngine start
INFO: Starting Servlet Engine: Apache Tomcat/6.0.24l
Feb 9, 2010 4:04:28 PM org.apache.catalina.startup.HostConfig deployDescriptor
INFO: Deploying configuration descriptor ROOT.xml
Feb 9, 2010 4:04:28 PM org.apache.coyote.http11.Http11AprProtocol start
INFO: Starting Coyote HTTP/1.1 on http-80
Feb 9, 2010 4:04:28 PM org.apache.coyote.http11.Http11AprProtocol start
INFO: Starting Coyote HTTP/1.1 on http-443
Feb 9, 2010 4:04:28 PM org.apache.coyote.ajp.AjpAprProtocol start
INFO: Starting Coyote AJP/1.3 on ajp-8009
Feb 9, 2010 4:04:28 PM org.apache.catalina.startup.Catalina start
INFO: Server startup in 953 ms
Thank you Portecle !!
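
A pre-flight check for the two files referenced in the connector above, as an added example that is not part of the original post: it confirms that the exported private key belongs to the issued certificate and that the password-less key file is readable only by its owner. The function name and exit codes are this example's own; it assumes the openssl command-line tool is installed.

```shell
#!/bin/sh
# Added example (not from the original post): pre-flight check for the
# certificate and key files that the APR connector in server.xml points at.
# Exit codes are this script's own convention:
#   0 = pair usable, 1 = key does not match certificate,
#   2 = key readable by group/others, 3 = file missing or unparseable.

check_tls_pair() {
    cert=$1
    key=$2

    if [ ! -r "$cert" ] || [ ! -r "$key" ]; then
        echo "cannot read $cert or $key" >&2
        return 3
    fi

    # Extract the public key from each file as PEM. "-passin pass:" stops
    # openssl from prompting if the key is still password-protected; such a
    # key fails to parse here and is reported as unusable.
    cert_pub=$(openssl x509 -in "$cert" -noout -pubkey 2>/dev/null) || cert_pub=
    key_pub=$(openssl pkey -in "$key" -passin pass: -pubout 2>/dev/null) || key_pub=
    if [ -z "$cert_pub" ] || [ -z "$key_pub" ]; then
        echo "cannot parse certificate or private key" >&2
        return 3
    fi

    # A key exported from the wrong keystore alias will not match.
    if [ "$cert_pub" != "$key_pub" ]; then
        echo "private key does not belong to this certificate" >&2
        return 1
    fi

    # The exported key has no passphrase, so file permissions are its only
    # protection: require that group and others have no access at all.
    perms=$(ls -lLd "$key" | cut -c5-10)
    if [ "$perms" != "------" ]; then
        echo "$key is accessible to group/others; chmod 600 it" >&2
        return 2
    fi

    echo "OK: key matches certificate and is owner-only"
    return 0
}

# Usage with the paths from the connector above:
#   check_tls_pair /ssl/wildcard.crt /ssl/private.key
```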
Copyright © 2024 Opentracker. All rights reserved.