Posts Tagged ‘command-line’

Converting a PFX file to a Java Keystore & using it w/ Tomcat

So a couple of months ago I had to stand up a DOORS Web Access server for work. It was pretty straight forward except for the creation of a certificate in your Java Keystore and then using it inside of your Tomcat server’s server.xml file.

  To create the Java Keystore file you’ll first need to have downloaded Jetty which will do the command-line magic for you. I downloaded it from the website but you can find it by doing a Google for Jetty keytool. Once downloaded ensure your Java environment is setup correctly by issuing via command-line java -classpath lib/jetty-6.1.1.jar . It should return back w/ usage information letting you know your Java environment is setup for command-line Java execution. Next, put your PFX file in the same directory where you are via command-line and then issue java -classpath lib/jetty-6.1.1.jar <mycert>.pfx <myjavakeystorefile>.jks. You’ll be prompted for the password that allows you to use the PFX file, then you’ll be asked for a password for your JKS file. Once it’s done, you’ll have your Java Keystore and password.

Now, you need to open up your server.xml file and find the SSL part which needs to be modified to point to your Java Keystore file. When I found my server.xml file the https port was changed to 8443 which from what I hear is pretty common. I simply changed mine back to 443 so I wouldn’t have to do any firewall redirection. Now, I simply had to add SSLEnabled="true" keyAlias="server" keystoreFile="C:\path\to\keystore\file\mykeystorefile.jks" keypass="supersecretpasswordwhichI'mnotstupidenoughtoblogabout" . Once I had those attributes correctly set I simply stopped and restarted the Tomcat server.

All credit really goes to DigiCert & Entrust 🙂

Jetty tool kit explained:

Tomcat SSL certificate installation:

Jetty’s website:

quick tips!


Moving lots of data:I do all sorts of networking related stuff and one of the few things I do often are server migrations. So eventually, there comes a time for me to copy a large amount of data from one server to another while maintaining the file permissions and structure. That’s where tar & ssh come into play. If I’m moving a users’ home directory from one server to another I usually use tar & ssh together via a pipe and let it copy off the files perfectly.

tar zcvf - jsmith | ssh "destinations IP" "cd /home/; tar zpxvf -"

Within seconds of the command starting off, you’ll be asked for the password for your ssh session. Then, the data will get flung across the network to the destination folder. Works great!

Verifying Apache Configuration:When adding additional Virtual Hosts to your Apache config file it’s nice to make sure they’ve been picked up correctly (or! that you’ve modified the right httpd.conf file!) A simple way of letting Apache tell you what it’s going to use is via the -t option.

httpd -t -D DUMP_VHOSTS

It parses the running configuration and dumps the virtual hosts a nice readable format. You can also use “DUMP_MODULES” to see a list of the modules it will use which can be useful for whether or not that database module is going to be loaded or not.

MySQL database dump:It never fails, when doing a migration you’re going to need to dump your databases from a MySQL DB into another DB on your newer system. If they’re the same version however you can run mysqldump w/ a couple command-line switches and then import them on the new server.

mysqldump -u root -p --databases "your DB here" > dbfilename.sql

After you’ve moved your database file to the new server you can then import it in via:

mysql -u root -p -D "your DB here" < /path/to/dbfilename.sql

Keep in mind, we’re assuming you’ve already created the database inside your new MySQL server and will assign it proper permissions so your end user can connect to it!

Just a couple quickies for today’s post.

As always, a couple useful links:

Return top
Icons made by Freepik from is licensed by CC BY 3.0