How can I use an SSL certificate generated with Java keytool with Nginx?

11,134

You can't use a keystore with just about anything not written in Java, as far as I know. It's also not possible to extract the key with keytool.

I'd recommend using something like http://www.openssl.org/docs/HOWTO/keys.txt or the easy-rsa-tools included with OpenVPN to generate a new key/certificate-combo, which will by default be generated in a format readable by nginx.

If it is important to extract the key from the keystore, there's a guide at http://conshell.net/wiki/index.php/Keytool_to_OpenSSL_Conversion_tips on how to extract it.

Author by

Jonas

Updated on September 18, 2022

Comments

  • Jonas
    Jonas over 1 year

    I used the Java keytool to generate a "keystore":

    keytool -genkey -alias example.com -keyalg RSA -keystore example.com.keystore
    

    Then I generated a CSR (Certificate Signing Request):

    keytool -certreq -keyalg RSA -alias example.com -file example.com.csr -keystore example.com.keystore
    

    Then I issued a certificate and saved it in a text file, example.com.crt

    Now I want to use this certificate with Nginx.

    I have placed my certificate on /etc/ssl/certs/example.com.cert and I placed my "keystore" (I think it contains my private key?) on /etc/ssl/private/example.com.keystore

    Then I configured my Nginx following Nginx, SSL and vhosts. But when I reload the Nginx configuration file I get this error message:

    sudo service nginx reload
    Reloading nginx configuration: [emerg]: SSL_CTX_use_certificate_chain_file("/etc/ssl/certs/myssl.crt") failed (SSL: error:0906D06C:PEM routines:PEM_read_bio:no start line error:140DC009:SSL routines:SSL_CTX_use_certificate_chain_file:PEM lib)
    configuration file /etc/nginx/nginx.conf test failed
    

    When I followed the same guide and generated an SSL-certificate using openssl it worked fine. But using Java keytool I get this error.

    How can I use an SSL-certificate and keys from Java keytool with Nginx?

    • Murwa
      Murwa over 4 years
      The link is broken
  • user1156544
    user1156544 over 6 years
    I think this is wrong or outdated..... You can extract your keys with Keystore. See security.stackexchange.com/questions/3779/…
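
The "no start line" error in the question means nginx was given a file with no PEM header line. The script below is an added example, not code from this thread: it identifies what a file actually is before nginx is pointed at it, and shows one standard way to get a PEM key out of a Java keystore via PKCS#12. The function names `classify` and `jks_to_pem` are hypothetical, and the conversion route is chosen here rather than quoted from the linked guide.

```shell
#!/bin/sh
# Added example, not from the thread. classify and jks_to_pem are hypothetical names.

# classify FILE: print what FILE holds, judged by PEM header lines or magic bytes.
# nginx's "PEM_read_bio:no start line" means no "-----BEGIN ...-----" line was found.
# A combined PEM file (key plus certificate) is reported as pem-private-key.
classify() {
    if LC_ALL=C grep -Eq -e '^-----BEGIN ([A-Z]+ )?PRIVATE KEY-----' "$1"; then
        echo pem-private-key      # usable as ssl_certificate_key
    elif LC_ALL=C grep -q -e '^-----BEGIN CERTIFICATE-----' "$1"; then
        echo pem-certificate      # usable as ssl_certificate
    else
        # No PEM header: look at the first four bytes instead.
        case $(od -An -tx1 -N4 "$1" | tr -d ' \n') in
            feedfeed)    echo jks ;;            # Java keystore (JKS)
            cececece)    echo jceks ;;          # Java keystore (JCEKS)
            3082*|3080*) echo der-or-pkcs12 ;;  # binary ASN.1 SEQUENCE
            *)           echo unknown ;;
        esac
    fi
}

# jks_to_pem KEYSTORE ALIAS OUTDIR: copy one entry into OUTDIR/ALIAS.p12, then
# write its private key as PEM to OUTDIR/ALIAS.key. Both tools prompt for the
# passwords. The .key file is written unencrypted (-nodes), hence the umask.
jks_to_pem() {
    command -v keytool >/dev/null && command -v openssl >/dev/null || return 127
    (
        umask 077
        keytool -importkeystore -srckeystore "$1" -srcalias "$2" \
            -destkeystore "$3/$2.p12" -deststoretype PKCS12 &&
        openssl pkcs12 -in "$3/$2.p12" -nocerts -nodes -out "$3/$2.key"
    )
}

# When run with file arguments, report each one.
for f in "$@"; do
    printf '%s: %s\n' "$f" "$(classify "$f")"
done
```

Run it against the files named in the nginx configuration; anything other than `pem-certificate` for `ssl_certificate` or `pem-private-key` for `ssl_certificate_key` will not load.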