Skip to end of metadata
Go to start of metadata

To generate the Keystore and CSR file, refer to https://serverfault.com/questions/715827/how-to-generate-key-and-crt-file-from-jks-file-for-httpd-apache-server.

To extract the key from the keystore.jks file, execute the following commands:

keytool -importkeystore -srckeystore keystore.jks -destkeystore keystore.p12 -deststoretype PKCS12
openssl pkcs12 -in keystore.p12  -nodes -nocerts -out praguewebrtc.key 

The first command copies the key from your keystore to a new .p12 store.  The second command extracts the key from the .p12 to a .key file for the NGINX configuration.

Configuring the Certificate on NGINX Server

The following figure illustrates on how to configure the certificate on NGINX server.

Figure : Configure Certificates on NGINX Server

 

 The server.crt and server.key files are configured in nginx.conf file.

  • Execute the following command to export the .crt:
keytool -export -alias mydomain -file mydomain.der -keystore mycert.jks
  • Execute the following command to convert the certificate to PEM:
openssl x509 -inform der -in mydomain.der -out certificate.pem
  • Execute the following command to export the key:
keytool -importkeystore -srckeystore mycert.jks -destkeystore keystore.p12 -deststoretype PKCS12
  • Execute the following command to convert the PKCS12 key to unencrypted PEM:
openssl pkcs12 -in keystore.p12  -nodes -nocerts -out mydomain.key
  • No labels