Prepare a Java Keystore certificate for use with webApp.secure™

Export the certificate AND private key from the keystore:

1. Export the certificate using the keytool command-line utility:
   

   # keytool -export -rfc -alias my_cert -file cert.crt -keystore keystorename -storepass keystorepassword

2. Download ExportPriv.java from http://mark.foster.cc/pub/java/ExportPriv.java.
3. Download Base64Coder.java from http://www.source-code.biz/snippets/java/2.htm.
4. Rename Base64Coder.java without the ".txt" extension.
5. Compile ExportPriv.java and Base64Coder.java:
   

   # javac ExportPriv.java Base64Coder.java

6. Export the private key to "exported.key" in PKCS#8 PEM format:*
   

   # java -classpath . ExportPriv <keystore> <alias> <password> > exported.key

7. Convert the private key "exported.key" to "exported_rsa.key" in RSA format:
   

   # openssl pkcs8 -inform PEM -nocrypt -in exported.key -out exported_rsa.key

Update the webApp.secure SSL configuration to reflect the full path and filenames of the certificate and private key created in the previous steps:

1. Go to "Edit Properties" -> "SSL" tab.
2. Enter the full path and file name of the certificate from step 1 above into the "Certificate File" field.
3. Enter the full path and file name of the private key from step 7 above into the "Certificate Key File" field.
4. Restart webApp.secure to load the new certificate and key files.

Other resources and references:

• keytool - Key and Certificate Management Tool
• Keytool to OpenSSL Conversion Tips
• Dealing with Java Keystores
• Java, SSL, and the Keystore of Doom