1

I am in possession of the following and am attempting to create an SSL certificate to be used on an Apache Tomcat server. Usually I would generate the certificate request using keytool. However, in this case the request / response pair was pre-generated by others. Any suggestions on tooling and / or approach to accomplish this having the 3 pieces of data below?

Thanks!

    -----BEGIN CERTIFICATE-----
    MIIFnzCCBIegAwIBAgIRAKAhdt0HU4a0O4MarQ4DGZMwDQYJKoZIhvcNAQEFBQAw
    ......
    -----END CERTIFICATE-----

    -----BEGIN CERTIFICATE REQUEST-----
    MIIB5jCCAU8CAQAwgaUxCzAJBgNVBAYTAkNBMQ8wDQYDVQQIEwZRdWViZWMxETAP
    ......
    -----END CERTIFICATE REQUEST-----

    -----BEGIN RSA PRIVATE KEY-----
    MIICXgIBAAKBgQDLfVeHiO1dCPpQYQI3X1gCVnMStitrdu7OI6iY23NowBBcwbCZ
    ....
    -----END RSA PRIVATE KEY-----

3
  • Is it entirely sensible to have posted the private key? Commented Sep 15, 2009 at 20:46
  • David: the private key is probably another 6 to 20 lines longer than that; it's just the first line which isn't all that interesting. Commented Sep 15, 2009 at 20:55
  • yes, I actually just mashed the keyboard for a bit to "generate" those requests/responses/keys. Well... It's the morning now. Time to try this out. Will report back shortly. Commented Sep 16, 2009 at 11:18

1 Answer

3

We use this bit of java http://www.comu.de/docs/tomcat_ssl/comu/ImportKey.java and something like this. Start with your three examples in separate files with .crt, .csr and .key as the extensions.

    CSRFILE="$1"                  # the certificate request file
    BASE="${CSRFILE%.csr}"
    CRTFILE="$BASE.crt"           # the certificate file
    CRTDER="$CRTFILE.der"
    KEYFILE="$BASE.key"           # the private key file
    KEYPKCS="$KEYFILE.pkcs8"
    KEYSTORE="$BASE.keystore"

    # Convert the PEM certificate to DER
    openssl x509 -in "$CRTFILE" -out "$CRTDER" -outform der
    # Convert the PEM private key to unencrypted PKCS#8 DER
    openssl pkcs8 -in "$KEYFILE" -out "$KEYPKCS" -topk8 -nocrypt -outform der
    # Create the keystore from the DER key and certificate
    java -Dkeystore="$KEYSTORE" comu.ImportKey "$KEYPKCS" "$CRTDER" tomcat
    # Set the store password, then the key password, to changeit
    keytool -storepasswd -new changeit -storepass "" -keystore "$KEYSTORE"
    keytool -keypasswd -keystore "$KEYSTORE" -keypass "" -new changeit -storepass changeit -alias tomcat

The chunk of BLAH=foo stuff is to get everything into variables. The first two openssl commands convert the certificate and key into the binary format the Java stuff likes. The java command creates a java/tomcat friendly keystore, and the two keytool commands set the password the way tomcat seems to like it out of the box.

2
  • Thanks! I'll be giving this a shot first thing in the morning. Appreciate the help :) Commented Sep 15, 2009 at 20:54
  • Works like a charm :) Commented Sep 16, 2009 at 12:21
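
Because the request and certificate here were generated by someone else, it is worth confirming that the three files belong together before building a keystore from them. The following is an added example, not code from the answer or from ImportKey.java: it compares the public key in the `.crt`, `.csr` and `.key` files and, only if all three match, bundles key and certificate into a PKCS#12 file under the alias `tomcat`. The function names and the password-file argument are assumptions, and the private key is assumed to be unencrypted PEM.

```shell
#!/bin/sh
# Added example: check that BASE.crt, BASE.csr and BASE.key share one public
# key, then bundle key + certificate as BASE.p12 (function names are made up).

# Print the SHA-256 of the DER-encoded public key found in a file.
# $1 = crt | csr | key, $2 = path to the PEM file
pubkey_of() {
    case "$1" in
        crt) pem=$(openssl x509 -in "$2" -noout -pubkey 2>/dev/null) ;;
        csr) pem=$(openssl req  -in "$2" -noout -pubkey 2>/dev/null) ;;
        key) pem=$(openssl pkey -in "$2" -pubout 2>/dev/null) ;;
        *)   return 2 ;;
    esac || return 1
    # An unreadable file must not hash as "empty input" and match by accident.
    [ -n "$pem" ] || return 1
    printf '%s\n' "$pem" | openssl pkey -pubin -outform DER \
        | openssl dgst -sha256 -r | cut -d' ' -f1
}

# Succeed only if certificate, request and private key carry the same key.
# $1 = BASE (file name without extension)
keys_match() {
    c=$(pubkey_of crt "$1.crt") || return 1
    r=$(pubkey_of csr "$1.csr") || return 1
    k=$(pubkey_of key "$1.key") || return 1
    [ "$c" = "$k" ] && [ "$r" = "$k" ]
}

# Bundle key and certificate into BASE.p12; refuse if the files do not match.
# $1 = BASE, $2 = file whose first line is the keystore password
make_p12() {
    keys_match "$1" || { echo "$1: crt/csr/key do not match" >&2; return 1; }
    openssl pkcs12 -export -in "$1.crt" -inkey "$1.key" -name tomcat \
        -out "$1.p12" -passout "file:$2"
}

# Stand-alone use: sh script.sh BASE PASSWORD_FILE
if [ "$#" -eq 2 ]; then
    make_p12 "$1" "$2"
fi
```

The resulting `.p12` can be converted to a Java keystore with `keytool -importkeystore -srckeystore BASE.p12 -srcstoretype PKCS12 -destkeystore BASE.keystore`, as an alternative to the ImportKey route in the answer.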
