Installing pfx SSL certificate in tomcat 8.5 on windows
Solution 1
I was able to do it successfully. As I mentioned, my certificate was installed on an IIS web server on Windows with an intermediate certificate, so I followed the steps below.
Step 1: Create a Microsoft Management Console (MMC) Snap-in for managing certificates
- Access the Search menu. In the search box, type mmc
- From the Microsoft Management Console (MMC), click File > Add/Remove Snap-in
- From the list of snap-ins, select Certificates
- Click Add
- Select Computer Account
- Click Next
- Select Local Computer (the computer this console is running on)
- Click Finish
- In the Add/Remove Snap-in window, click OK
- Save these console settings for future use
Step 2: Export/Back Up the certificate
- Open the Certificates (Local Computer) snap-in you added > select Personal > Certificates
- Right-click certificate name > select All Tasks > Export.
- The Certificate Export Wizard opens > click Next
- Select Yes, export the private key > click Next
- Select Personal Information Exchange
- Ensure to check only Include all certificates in the certificate path if possible > click Next
- Enter and confirm a password > click Next
- Choose a file name and location for the export file > click Next
- Click Finish
Step 3: Configure PKCS12 (.pfx) file on Tomcat server
- Open %TOMCAT_HOME%/conf/server.xml in an XML or text editor
- Find the following lines: (In my case, I could not find the lines below, so I jumped directly to point 4, added the whole tag to my server.xml and changed keystorefile and keystorePassword)
<!-- <Connector port="8443" protocol="HTTP/1.1" SSLEnabled="true" maxThreads="150" scheme="https" secure="true" clientAuth="false" sslProtocol="TLS" /> -->
- Delete the comment markers at the beginning of the code (<!--) and at the end of the code (-->)
- Immediately after sslProtocol="TLS" and before />, add the following attributes:
<Connector port="8443" protocol="HTTP/1.1" SSLEnabled="true" maxThreads="150" scheme="https" secure="true" clientAuth="false" sslProtocol="TLS" keystoreFile="/path/to/mycert.pfx" keystoreType="PKCS12" keystorePass="your_PKCS12_password" />
- Save server.xml
- Restart Tomcat
Hope it will help somebody :)
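The export from Step 2 can be checked from PowerShell before keystoreFile is pointed at it. This is an added example, not part of the original answer: the file path and the service account are assumptions, and it relies on the Get-PfxData cmdlet from the Windows PKI module and on icacls.

```powershell
# Added example: pre-flight check of the exported PFX before Tomcat loads it.
param(
    [string]$PfxPath        = 'C:\certs\mycert.pfx',   # hypothetical export location
    [string]$ServiceAccount = 'NT AUTHORITY\SYSTEM'    # assumption: identity of the Tomcat service
)

$password = Read-Host -AsSecureString -Prompt 'PFX password'

# Get-PfxData parses the file without installing anything into a certificate store.
$pfx  = Get-PfxData -FilePath $PfxPath -Password $password
$leaf = $pfx.EndEntityCertificates | Select-Object -First 1
if (-not $leaf) { throw 'No end-entity certificate found in the PFX.' }

# Expiry: warn when the certificate is expired or close to it.
$daysLeft = [int]($leaf.NotAfter - (Get-Date)).TotalDays
if ($daysLeft -lt 30) { Write-Warning "Certificate expires in $daysLeft day(s)." }

# Chain: Tomcat serves only what is in the keystore, so the intermediate must
# have been exported with the leaf ("Include all certificates in the
# certificate path if possible" in the export wizard).
$chainCount = ($pfx.OtherCertificates | Measure-Object).Count
if ($chainCount -eq 0) {
    Write-Warning 'PFX holds no chain certificates; clients may fail to build the chain.'
}

# Try to build the chain offline, offering the PFX's own chain certificates.
$chain = New-Object System.Security.Cryptography.X509Certificates.X509Chain
$chain.ChainPolicy.RevocationMode = 'NoCheck'
foreach ($c in $pfx.OtherCertificates) { [void]$chain.ChainPolicy.ExtraStore.Add($c) }
if (-not $chain.Build($leaf)) {
    $chain.ChainStatus | ForEach-Object { Write-Warning "Chain: $($_.StatusInformation.Trim())" }
}

# Summary of what Tomcat will be given.
[pscustomobject]@{
    Subject         = $leaf.Subject
    NotAfter        = $leaf.NotAfter
    ChainCertsInPfx = $chainCount
}

# The PFX contains the private key: drop inherited permissions and leave
# access only to administrators and the service account.
icacls $PfxPath /inheritance:r /grant:r 'BUILTIN\Administrators:F' "${ServiceAccount}:R" | Out-Null
```

Because keystorePass sits in server.xml in clear text, the same icacls restriction is worth applying to that file as well.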
Solution 2
Please convert the PFX file into a Tomcat-compatible format. The command is given below:
keytool -importkeystore -srckeystore server.pfx -srcstoretype pkcs12 -destkeystore tomcat.jks -deststoretype jks
The tomcat.jks file directives can be provided in the server.xml file of Tomcat.
Milind
Updated on July 21, 2022
Comments
- Milind almost 2 years
I have a wildcard pfx certificate with its intermediate certificate in p7b/crt format. Those certificates are installed on IIS 8.0. How do I install those certificates in Tomcat 8.0? Tomcat is installed on Windows.