OpenSSL generates a CSR file, converting CRT and key files to jks files under Tomcat

Source: Internet
Author: User
Tags pkcs12 in domain

OpenSSL req-new-newkey rsa:2048-nodes-keyout DOMAIN.COM.CSR

This command will generate 2 files: 1 CSR files and one key file

Copy and paste the contents of the CSR file into GoDaddy and click Apply.

After successful application, the download will get a zip package, I choose the other type (no nginx server, so choose the other).

There are 2 files in the compressed package that resemble the following



Execute the following command:

Cat 313fd7ca5877f128.crt gd_bundle-g2-g1.crt > DOMAIN.COM.CRT

This time the resulting CRT files and key files can get nginx under the configuration used.


However, if you want to convert the CRT files and key files at this time to the Keystone file used under Tomcat, you need to take advantage of the following two commands.

[email protected] tomcat]# OpenSSL pkcs12-export-in mycert.p12-name Tomcat -cafile Root-chain
Enter Export Password:
Verifying-enter Export Password:

[Email protected] tomcat]# keytool-importkeystore-v-srckeystore mycert.p12-srcstoretype pkcs12-destkeystore Tomcat. Keystore-deststoretype JKs
Enter Destination KeyStore Password:
Re-enter new password:
Enter Source KeyStore Password:
Entry for alias Tomcat successfully imported.
Import command completed:1 entries successfully imported, 0 entries failed or cancelled
[Storing Tomcat.keystore]

These 2 commands are thanks to the author of the following article:


The configuration in Tomcat is as follows:

<connector port= "8443" protocol= "Org.apache.coyote.http11.Http11Protocol"

Maxthreads= "150"

Sslenabled= "true"

Scheme= "https"

Secure= "true"

Clientauth= "false"

Sslprotocol= "TLS"

Keystorefile= "/root/ssl/tomcat/tomcat.keystore"

Keystorepass= "123456"


This code would have been commented out, uncomment it, and then modify it.

Then enter the address in the browser:


So you can see the green of expectation.

After the test, completely normal.

This article from "Leboit" blog, declined reprint!

OpenSSL generates a CSR file, converting CRT and key files to jks files under Tomcat

Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: and provide relevant evidence. A staff member will contact you within 5 working days.

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

  • Sales Support

    1 on 1 presale consultation

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.