Welcome to Linux Forums! With a comprehensive Linux Forum, information on various types of Linux software and many Linux Reviews articles, we have all the knowledge you need a click away, or accessible via our knowledgeable members.
Find the answer to your Linux question:
Site Navigation
Linux Forums
Linux Articles
Product Showcase
Linux Downloads
Linux Hosting
Free Magazines
Job Board
IRC Chat
RSS Feeds
Free Publications


This usually needs when you are hosting web application Sun One Application server and using Apache as proxy for forwarding request to the application on Sun One with SSL connections.



Prerequisites: You need the NSS tools from mozilla.org and openssl.


1. Copy the cert7.db and key3.db from the AppServer config directory to some directory on ferrari or wherever you have the NSS tools.

2. Find the certname in the server.xml file by looking for the cert-nickname attribute. This is the cert you want to export.

3. Export the key and cert to PKCS12 format

pk12util -d . -o <output filename> -n <cert name from list in #2 above>

It'll ask you for passwords to the .db and then ask you to input a new one. I just keep the same one or leave it blank. This is assuming you're running this in the same directory as the .db files.

4. Now convert PKCS12 file to PEM format (which is what apache wants) using openssl:

openssl pkcs12 -in <filename from #3 above> -out <name of pem file>

It'll ask you for the password you entered in #3 and then ask you to enter a new one for the output.

5.
The pem file created has both the key and cert in it so you have to
split it out into two files. Just grab the part that is inside of the
BEGIN and END lines for the cert and key and put them into separate
.pem files.  Note for cert files please grab the Second Certificate in
that PEM file.

6. Now you have to decrypt the RSA key file so that apache doesn't prompt you for a password on startup. Use this command:

openssl rsa -in <key pem file you created in #5> -out <output key pem file you are going to use in apache>

6. Now point the apache httpd.conf to the cert and key file and you should be all set.

7. Restart Apache.




Rate This Article: poorexcellent
 
Comments about this article

Comment title: * please do not put your response text here