Nginx证书配置：tomcat证书jks文件转nginx证书.cet和key文件

Nginx证书配置：tomcat证书jks文件转nginx证书.cet和key文件
1.查看jks文件中的entry.
keytool -list -keystore server.jks

Enter keystore password: (这里输入server.jks密码)
Keystore type: JKS
Keystore provider: SUN

Your keystore contains 2 entries
inter, Mar 24, 2016, trustedCertEntry,
Certificate fingerprint (SHA1):**************************
tomcat, Mar 24, 2016, PrivateKeyEntry,
Certificate fingerprint (SHA1): ******************

请注意我特意加粗的那个名字，inter和tomcat，这分别是俩个entry的别名，是srcalias,下文的命令会用到，同时这里需要指出我们是要将那个证书转为nginx的配置。这里选择tomcat。

2.将jks文件导出为Nginx所需要的文件.crt和.key
2.1 将”.jks”转为”.p12”（PKCS12格式的证书库）
keytool -importkeystore -srckeystore oldkeystore.jks -srcalias tomcat -destkeystore newkeystore.p12 -deststoretype PKCS12

查看新格式（pkcs12）证书库
keytool -deststoretype PKCS12 -keystore newkeystore.p12 -list

2.2提取证书
openssl pkcs12 -in newkeystore.p12 -nokeys -clcerts -out server-ssl.crt
openssl pkcs12 -in newkeystore.p12 -nokeys -cacerts -out gs_intermediate_ca.crt

server-ssl.crt是SSL证书，gs_intermediate_ca.crt是中级证书，俩个合并到一起才是nginx服务器所需要的证书

合并证书：cat server-ssl.crt gs_intermediate_ca.crt >server.crt

此时server.crt是一个完成的证书

2.3提取私钥
openssl pkcs12 -nocerts -nodes -in newkeystore.p12 -out server.key

2.4Nginx服务器配置
server {
listen 443 ssl;
server_name www.yourdomain.net;
access_log /path_to_log/access.log;
error_log /path_to_log/error.log;

ssl_certificate /path_to_certificate/server.crt;
ssl_certificate_key /path_to_key/new/server.key;

ssl_session_timeout 1m;
ssl_protocols SSLv2 SSLv3 TLSv1.2;
#ssl_ciphers HIGH:!aNULL:!MD5;
ssl_ciphers ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256:AES128-SHA:AES256-SHA:RC4-SHA:DES-CBC3-SHA:RC4-MD5;
ssl_prefer_server_ciphers on;

***
}