Extract key from tomcat keystore

If you have several flavours of web servers (tomcat, apache, nginx), and want to add SSL Certificates to them you might have noticed that you need different kind of certificates for your web servers, you can however, add SSL Certificates to all of your web servers with just one.

We’ll extract the key from the tomcat keystore so you can use the same certs on apache or nginx.


You’ll need to have java installed as well as some jar files and a class, download the files and extract them, put everything on the same folder.

Copy your keystore to the machine which has Java installed or you can do it directly on the server, this doesn’t affect the keystore in any way.

execute the following.

java -classpath .:commons-codec-1.4/commons-codec-1.4.jar DumpPrivateKey [keystore file] [keystore password] [keystore alias]

This will return the private key, just copy all the text to a file something.key including.



Sometimes there’s a new line before the END PRIVATE KEY, just remove the line and you are all set.


Commons-codec-1.4-bin.tar.gz (644.8 KiB, 86 downloads)
DumpPrivateKey.tar.gz (1.6 KiB, 80 downloads)


This entry was posted in Apache, Nginx, SSL, tomcat. Bookmark the permalink.

Leave a Reply

Your email address will not be published. Required fields are marked *