How to convert SSL Nginx cert to Tomcat cert

Share this post to your friends !
  • 1

SystemMen - This article will guide you how to convert SSL Nginx cert to Tomcat cert.

Nginx cert and Tomcat cert

When you buy SSL cert for Nginx web server (or Apache), you usually get 3 files of the following type:

  • STAR_domain.CERT.crt
  • STAR_domain.PRIVATE.key
  • STAR_domain.CA.key

Nginx’s ssl cert file uses X.509 format. You can read more about it.

For Java applications, it runs the Tomcat web server. And Tomcat’s ssl cert uses the .jks (Java KeyStore) format, this is Oracle’s own format.

Steps to convert X.509 cert into JKS

First, this is easier on a Linux machine, because it has OpenSSL built-in.

how-to-convert-ssl-nginx-cert-to-tomcat-cert How to convert SSL Nginx cert to Tomcat cert
Convert X.509 cert to JKS cert.

To convert X.509 SSL cert to JKS cert, you need 3 files that I mentioned above, CERT file, PRIVATE key and CA cert.

First, you need to export all of these files into one bundle file in .p12 format.

$ openssl pkcs12 -export -in STAR_domain.CERT.crt -inkey STAR_domain.PRIVATE.key -certfile STAR_domain.CA.key -out domain.p12

This command will ask you to set an export password for the keystore. For example, I set it to danie.

Then, run the keytool command to import this .p12 file into the PKCS12 library and export the final cert file .jks.

$ keytool -importkeystore -srckeystore domain.p12 -srcstoretype PKCS12 -destkeystore domain.jks

This command will ask you to set a destination keystore password, at least 6 characters. I set it to daniepham.

Then it will ask you to type source keystore password. It is the same password export that you have set at the openssl pkcs12 command, it’s danie of my example.

And done, you have finished converting X.509 cert to JKS cert and now you can import it into your Tomcat web server.


Converting X.509 cert of Nginx (or Apache) to Tomcat’s cert JKS only goes through 2 commands. It is not difficult, but not everyone knows that. Hope the article is useful for you.

If you liked this article, then please subscribe to our YouTube Channel for more video tutorials. You can also find us on Twitter and Facebook.

Share this post to your friends !
  • 1
If you appreciate what we share in this blog, you can support us by:
  1. Stay connected to: Facebook | Twitter | Google Plus | YouTube
  2. Subscribe email to recieve new posts from us: Sign up now.
  3. Start your own blog with SSD VPS - Free Let's Encrypt SSL ($2.5/month).
  4. Become a Supporter - Make a contribution via PayPal.
  5. Support us by purchasing Ribbon Lite Child theme being using on this website.

We are thankful for your support.

«« »»

Got something to say? Join the discussion

Please keep in mind that all comments are subject to our Comment Policy. Your email address will not be published.
This site uses Akismet to reduce spam. Learn how your comment data is processed.