Installing pfx SSL certificate in tomcat 8.5 on windows

Solution 1

I was able to do it successfully. As I mentioned, my certificate was installed on an IIS web server on Windows with an intermediate certificate, so I followed the steps below.

Step 1: Create a Microsoft Management Console (MMC) Snap-in for managing certificates

  1. Access the Search menu. In the search box, type mmc
  2. From the Microsoft Management Console (MMC), click File > Add/Remove Snap-in
  3. From the list of snap-ins, select Certificates
  4. Click Add
  5. Select Computer Account
  6. Click Next
  7. Select Local Computer (the computer this console is running on)
  8. Click Finish
  9. In the Add/Remove Snap-in window, click OK
  10. Save these console settings for future use

Step 2: Export/Back Up the certificate

  1. Open the Certificates (Local Computer) snap-in you added > select Personal > Certificates

  2. Right-click certificate name > select All Tasks > Export.

  3. The Certificate Export Wizard opens > click Next

  4. Select Yes, export the private key > click Next

  5. Select Personal Information Exchange

  6. Make sure to check only Include all certificates in the certificate path if possible > click Next

  7. Enter and confirm a password > click Next

  8. Choose a file name and location for the export file > click Next

  9. Click Finish

Step 3: Configure PKCS12 (.pfx) file on Tomcat server

  1. Open %TOMCAT_HOME%/conf/server.xml in an XML or text editor

  2. Find the following lines: (In my case, I could not find the lines below, so I jumped directly to point 4, added the whole tag to my server.xml, and changed keystorefile and keystorePassword)

    <!-- <Connector port="8443" protocol="HTTP/1.1" SSLEnabled="true" maxThreads="150" scheme="https" secure="true" clientAuth="false" sslProtocol="TLS" /> -->

  3. Delete the comment markers at the beginning of the code (<!--) and at the end of the code (-->)

  4. Immediately after sslProtocol="TLS" and before />, add the following attributes:

    <Connector port="8443" protocol="HTTP/1.1" SSLEnabled="true" maxThreads="150" scheme="https" secure="true" clientAuth="false" sslProtocol="TLS" keystoreFile="/path/to/mycert.pfx" keystoreType="PKCS12" keystorePass="your_PKCS12_password" />

  5. Save server.xml

  6. Restart Tomcat

Hope it will help somebody :)
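
A pre-restart check for the Connector from Step 3, as an added example that is not part of the original answer: it flags typographic quotes left over from copy-paste, a .pfx keystore without keystoreType="PKCS12", and a missing keystorePass. The function name, the suffix table and the sample strings are constructed for illustration, and only the Connector-level attributes used above are covered.

```python
import re
import xml.etree.ElementTree as ET
from pathlib import Path

TYPE_BY_SUFFIX = {".pfx": "PKCS12", ".p12": "PKCS12", ".jks": "JKS"}

def check_tls_connectors(server_xml, base_dir=None):
    """Return a list of findings for each <Connector SSLEnabled="true"> in server.xml text.
    base_dir (assumed to be CATALINA_BASE) enables the keystore-exists check."""
    findings = []
    # Typographic quotes copied from a web page make the file malformed XML,
    # so report them by line before attempting to parse.
    for n, line in enumerate(server_xml.splitlines(), 1):
        if re.search(r"[\u201c\u201d\u2033]", line):
            findings.append(f'line {n}: typographic quote, use plain " around values')
    if findings:
        return findings
    try:
        root = ET.fromstring(server_xml)  # commented-out connectors are skipped
    except ET.ParseError as exc:
        return [f"not well-formed XML: {exc}"]
    for conn in root.iter("Connector"):
        if conn.get("SSLEnabled", "").lower() != "true":
            continue
        port = conn.get("port", "?")
        ks = conn.get("keystoreFile")
        if not ks:
            findings.append(f"port {port}: no keystoreFile, Tomcat looks for .keystore in the user home")
            continue
        declared = conn.get("keystoreType", "JKS")  # Tomcat assumes JKS when omitted
        expected = TYPE_BY_SUFFIX.get(Path(ks).suffix.lower())
        if expected and declared.upper() != expected:
            findings.append(f"port {port}: {ks} looks like {expected} but keystoreType is {declared}")
        if base_dir is not None and not (Path(base_dir) / ks).is_file():
            findings.append(f"port {port}: keystore {ks} not found under {base_dir}")
        if "keystorePass" not in conn.attrib:
            findings.append(f"port {port}: no keystorePass, Tomcat falls back to 'changeit'")
    return findings

# Constructed samples: the pasted form with typographic quotes, and a .pfx with no keystoreType.
PASTED = ('<Server><Service>\n<Connector port="8443" SSLEnabled="true" '
          'keystoreFile=\u201dmycert.pfx\u201d keystoreType=\u201dPKCS12\u2033 keystorePass="x" />\n'
          '</Service></Server>')
NO_TYPE = ('<Server><Service><Connector port="8443" SSLEnabled="true" '
           'keystoreFile="conf/mycert.pfx" keystorePass="x" /></Service></Server>')

if __name__ == "__main__":
    for name, text in (("PASTED", PASTED), ("NO_TYPE", NO_TYPE)):
        print(name, check_tls_connectors(text))
```

Pass the Tomcat base directory as base_dir to also confirm that the exported .pfx is where keystoreFile points.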

Solution 2

Please convert the PFX file into a Tomcat-compatible format. The command is given below:

    keytool -importkeystore -srckeystore server.pfx -srcstoretype pkcs12 -destkeystore tomcat.jks -deststoretype jks

The tomcat.jks file directives can be provided in the server.xml file of tomcat.

Author by

Milind

Updated on July 21, 2022

Comments

  • Milind almost 2 years

    I have a wildcard pfx certificate with its intermediate certificate in p7b/crt format. Those certificates are installed on IIS 8.0. How do I install those certificates in Tomcat 8.0? Tomcat is installed on Windows.