Step-by-Step instructions on transferring SSL certificate between servers.

Of all of the server to server SSL Certificate transfers, moving from the Java Keystore to OpenSSL is by far the easiest. Comprising just a handful of steps, you’ll be done with this in no time—especially with this step-by-step guide.

Note: It might be easier to just create a new CSR in OpenSSL and then reissue your certificate. But this way works, too.

Moving Your Java Keytool SSL Certificate to OpenSSL

  1. Use the “Keytool” to generate a new private and public key pair.
  2. Using the same “Keytool,” export the new self-signed certificate from PrivateKeyEntry.
  3. Display the details of the certificate using the “Keytool.”
  4. Use “OpenSSL” to view the recently exported certificate.
  5. Enter “” to remove the key pair from the “Keytool” keystore.
  6. Use “OpenSSL” to convert the dumped key pair to Base64.
  7. Use “OpenSSL” to view the key pair and the converted keystore files.

Related Posts


Welcome to Savvy Security, a blog focused on providing practical cybersecurity advice for website owners and small businesses. Our team brings you the latest news, best practices and tips you can use to protect your business...without a multi-million dollar budget or 24/7 security teams.