and I have spent the last couple days trying to figure out how to convert a JSSE
certificate for use with OpenSSL
We needed to move one of our standalone Resin
server from a Windows box to Linux.
Unfortunately, the Linux resin binary (which is required in order to run the server on ports 80/443 as a non-privileged user) is compiled against the OpenSSL libraries. Under Windows, JSSE is usually used.
We looked everywhere, asked anyone for help and tried everything we could think of. From portforwarding
to various kernel hacks
. Nothing really worked to our satisfaction.
Luckily, Allon stumbled onto this nifty little tool called KeyTool GUI
, which allowed us to convert our Keystore
to the PKCS#12
Here's what we did:
||Opened our keystore with KeyTool GUI.
||Exported the keystore using the Private Key and Certificates (PKCS#12) option. The file was saved as “server.pfx.”
||Converted the PFX file to the PEM format using the following OpenSSL command:
openssl pkcs12 -in server.pfx -out server.pem
Finally, we added the following to our Resin configuration file:
<http host='127.0.0.1' port='443'>
It may sound pretty simple when it is all said and done, but it actually took an awful lot of efforts to get there.