knowledgebase/linux/miscapplications/keytool Here's how you can use SSL certs with Java apps and vice versa. Generally, we use OpenSSL to generate a private key, then generate CSRs: http://rimuhosting.com/howto/modssl.jsp For Java apps, the private key has to be stored in a "keystore" which needs to be created with the keytool command: http://tomcat.apache.org/tomcat-5.5-doc/ssl-howto.html Importing the private key into the keystore is non-trivial, as far as I know, as is exporting a private key from a keystore. So I suggest the following procedure: generate the private key with keytool, then export it so it can also be used with Apache (and the same SSL cert). Here's the procedure I got to work with this: {code}as root: $JAVA_HOME/bin/keytool -genkey -alias tomcat -keyalg RSA{code} This will create /root/.keystore Write down the password you used. {code:java} #call this file DumpPrivateKey.java import java.io.FileInputStream; import java.security.KeyStore; import java.security.Key; public class DumpPrivateKey { static public void main(String[] args) { try { KeyStore ks = KeyStore.getInstance("jks"); ks.load(new FileInputStream("/root/.keystore"), "password".toCharArray()); Key key = ks.getKey("tomcat", "password".toCharArray()); System.out.write(key.getEncoded()); } catch (Exception e) { e.printStackTrace(); } } } {code} Change the password in that file appropriately. {code}javac DumpPrivateKey.java{code} Then create this bash script: {code:sh} # cat dump_private_key.sh #!/bin/sh ALIAS=tomcat PKEY_8=privatekey.pkcs8 PKEY_64=privatekey.b64 CERT_64=certificate.b64 CERT_12=certificate.p12 keytool -alias ${ALIAS} -export -rfc >${CERT_64} java -classpath . DumpPrivateKey >${PKEY_8} (echo "-----BEGIN PRIVATE KEY-----" ; openssl enc -in ${PKEY_8} -a; echo "-----END PRIVATE KEY-----") >${PKEY_64} openssl pkcs12 -inkey ${PKEY_64} -in ${CERT_64} -out ${CERT_12} -export #rm ${PKEY_8} ${PKEY_64} ${CERT_64} echo ${CERT_12} {code} Then privatekey.b64 will have the private key you want. Links: http://forum.java.sun.com/thread.jspa?threadID=154587&start=0&tstart=0 http://tjworld.net/software/codesigning/index.html http://www.theserverside.com/discussions/thread.tss?thread_id=22243 http://i-proving.ca/space/Technologies/JBoss/Configuring+JBoss+SSL 2008-06-26 23:51:08.0 2008-06-26 23:51:08.0