Extract .key and .crt files from JKS file

JKS file is a Java keystore. Using the Java keytool program, run the following commands

Export the .der file

keytool -export -alias sample -file sample.der -keystore my.jks

Convert the .der file to unencrypted PEM (crt file)

openssl x509 -inform der -in sample.der -out sample.crt

Export the .p12 file

keytool -importkeystore -srckeystore my.jks -destkeystore keystore.p12 -deststoretype PKCS12

Convert the .p12 file to unencrypted PEM (key file)

openssl pkcs12 -in keystore.p12 -nodes -nocerts -out server.key


More info here: http://www.gtopia.org/blog/2010/02/der-vs-crt-vs-cer-vs-pem-certificates/

Install SSL certificates on Nginx

This article show how the SSL certificates purchased from Comodo can be deployed on a server running Nginx

You must have the server.key file (Private Key that was generated with the CSR code that used to activate/purchase the certificate.

You also have these two files, *.crt and *.ca-bundle, that must have been sent to you as a zip archive from Comodo. Combine these file into a chain file

cat mydomain.crt mydomain.ca-bundle >> chain.crt

Now copy this chain.crt file and the server.key file to the nginx server in a folder that is readable by Nginx.

Edit nginx.conf file, and add the following 4 lines

server {
listen 443;
ssl on;
ssl_certificate /etc/ssl/chain.crt;
ssl_certificate_key /etc/ssl/server.key;