Exporting Java keystore certificates into a text file (.pem)

Sometimes products simply get better, and so does Tomcat. Beginning with version 7, it is possible to specify the certificates for the listener in Apache httpd (OpenSSL) style. For me, this is much easier to understand and easier to configure.

To export all your trusted CAs to a text file in .pem format, you can use the much loved/hated Java keytool:

The keytool lives in %JAVA_HOME%/bin/ and has to be called with these parameters:

  • -list (lists all certificates in the store)
  • -rfc (lists the certificates in RFC style)
  • -keystore (path to the Java keystore you want to export)
  • -storepass (password to the Java keystore you want to export)

This parameter set gives you a nicely formatted text output of your certificates.

The final step is to redirect the text output into a file, and voilà, you have a file which you can use in your Tomcat connector for the parameter "SSLCACertificateFile".

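# Out-File -Encoding ascii keeps the .pem plain ASCII; in Windows PowerShell 5.1 a bare ">" redirect writes UTF-16
& 'C:\Program Files\Java\jdk1.8.0_60\bin\keytool.exe' -list -rfc -keystore C:\certs\cacerts -storepass changeit | Out-File -Encoding ascii all-cas.pem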
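
The saved listing still contains keytool's alias and header lines, and a listing saved from Windows PowerShell 5.1 with a plain ">" redirect is UTF-16. The following Python sketch is an added example, not part of the original post: it reads such a listing in either encoding, pairs each alias with the SHA-256 fingerprint of its certificate so the trust list can be reviewed, and re-emits only the certificate blocks as ASCII PEM. The function names and the sample listing are constructed for illustration.

```python
import base64
import hashlib
import re

PEM = re.compile(r"-----BEGIN CERTIFICATE-----(.*?)-----END CERTIFICATE-----", re.S)

def decode_export(raw: bytes) -> str:
    """Decode a saved listing; a UTF-16LE BOM means it came from a 5.1-style '>' redirect."""
    if raw.startswith(b"\xff\xfe"):
        return raw[2:].decode("utf-16-le")
    return raw.decode("utf-8-sig", errors="replace")

def parse_entries(raw: bytes):
    """Return [(alias, der_bytes, sha256_hex)] for every certificate in the listing."""
    entries = []
    for chunk in decode_export(raw).split("Alias name: ")[1:]:
        alias = chunk.splitlines()[0].strip()
        for body in PEM.findall(chunk):
            der = base64.b64decode("".join(body.split()), validate=True)
            if not der.startswith(b"\x30"):  # a certificate is a DER SEQUENCE
                raise ValueError(f"{alias}: block is not DER")
            entries.append((alias, der, hashlib.sha256(der).hexdigest()))
    return entries

def to_pem_bundle(entries) -> bytes:
    """Emit only the certificate blocks, ASCII, 64 base64 characters per line."""
    out = []
    for _alias, der, _fp in entries:
        b64 = base64.b64encode(der).decode("ascii")
        out.append("-----BEGIN CERTIFICATE-----")
        out += [b64[i:i + 64] for i in range(0, len(b64), 64)]
        out.append("-----END CERTIFICATE-----")
    return ("\n".join(out) + "\n").encode("ascii")

def sample_listing() -> str:
    """Constructed listing in keytool's layout; bodies are placeholder bytes, not real CAs."""
    text = "Keystore type: JKS\r\n\r\nYour keystore contains 2 entries\r\n\r\n"
    for alias in ("example-root-a", "example-root-b"):
        der = b"\x30\x10" + alias.encode("ascii").ljust(16, b"\x00")
        b64 = base64.b64encode(der).decode("ascii")
        text += (f"Alias name: {alias}\r\nEntry type: trustedCertEntry\r\n\r\n"
                 f"-----BEGIN CERTIFICATE-----\r\n{b64}\r\n-----END CERTIFICATE-----\r\n\r\n")
    return text

if __name__ == "__main__":
    utf16 = b"\xff\xfe" + sample_listing().encode("utf-16-le")
    for alias, _der, fp in parse_entries(utf16):
        print(alias, fp)
```

Against a real export, pass the bytes of all-cas.pem to parse_entries and compare the printed fingerprints with the CAs you intend to trust before pointing the connector at the bundle.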
