7
votes

I have a wildcard PFX certificate with its intermediate certificate in p7b/crt format. Those certificates are installed on IIS 8.0. How do I install those certificates in Tomcat 8.0? Tomcat is installed on Windows.

2
Stack Overflow is a site for programming and development questions. This question appears to be off-topic because it is not about programming or development. See What topics can I ask about here in the Help Center. Perhaps Super User or Unix & Linux Stack Exchange would be a better place to ask. – jww

2 Answers

23
votes

I could do it successfully. As I mentioned, my certificate was installed on an IIS web server on Windows with an intermediate certificate, so I followed the steps below.

Step 1: Create a Microsoft Management Console (MMC) Snap-in for managing certificates

  1. Access the Search menu. In the search box, type mmc
  2. From the Microsoft Management Console (MMC), click File > Add/Remove Snap-in
  3. From the list of snap-ins, select Certificates
  4. Click Add
  5. Select Computer Account
  6. Click Next
  7. Select Local Computer (the computer this console is running on)
  8. Click Finish
  9. In the Add/Remove Snap-in window, click OK
  10. Save these console settings for future use

Step 2: Export/Back Up the certificate

  1. Open the Certificates (Local Computer) snap-in you added > select Personal > Certificates

  2. Right-click certificate name > select All Tasks > Export.

  3. The Certificate Export Wizard opens > click Next

  4. Select Yes, export the private key > click Next

  5. Select Personal Information Exchange

  6. Make sure to check only Include all certificates in the certificate path if possible > click Next

  7. Enter and confirm a password > click Next

  8. Choose a file name and location for the export file > click Next

  9. Click Finish

Step 3: Configure PKCS12 (.pfx) file on Tomcat server

  1. Open %TOMCAT_HOME%/conf/server.xml in an XML or text editor

  2. Find the following lines (in my case, I could not find the lines below, so I jumped directly to point 4, added the whole tag to my server.xml, and changed keystoreFile and keystorePassword):

    <!-- <Connector port="8443" protocol="HTTP/1.1" SSLEnabled="true" maxThreads="150" scheme="https" secure="true" clientAuth="false" sslProtocol="TLS" /> -->

  3. Delete the comment markers at the beginning of the code (<!--) and at the end of the code (-->)

  4. Immediately after sslProtocol="TLS" and before />, add the following attributes:

    <Connector port="8443" protocol="HTTP/1.1" SSLEnabled="true" maxThreads="150" scheme="https" secure="true" clientAuth="false" sslProtocol="TLS" keystoreFile="/path/to/mycert.pfx" keystoreType="PKCS12" keystorePass="your_PKCS12_password" />

  5. Save server.xml

  6. Restart Tomcat

Hope it will help somebody :)

4
votes

Please convert the PFX file into a Tomcat-compatible format. The command is given below:

    keytool -importkeystore -srckeystore server.pfx -srcstoretype pkcs12 -destkeystore tomcat.jks -deststoretype jks

The tomcat.jks file directives can be provided in the server.xml file of Tomcat.
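
The two answers end with either a PKCS12 (.pfx) keystore or a converted JKS keystore referenced from server.xml. As an added example (not part of either answer), this Python check flags typographic quotes in server.xml and a keystoreType that does not match the keystore file. The function name, the extension-to-type mapping and the sample XML are assumptions for illustration; the check relies on Tomcat's defaults of JKS for keystoreType and changeit for keystorePass.

```python
import xml.etree.ElementTree as ET
from pathlib import PurePath

# Keystore type each file extension calls for (assumed mapping for this check).
EXPECTED_TYPE = {".pfx": "PKCS12", ".p12": "PKCS12", ".jks": "JKS"}
CURLY_QUOTES = "\u201c\u201d\u2033"  # typographic quotes that break XML attributes

# Constructed sample: a minimal server.xml holding the connector from the answer.
SAMPLE = (
    '<Server><Service name="Catalina">'
    '<Connector port="8443" protocol="HTTP/1.1" SSLEnabled="true" scheme="https" '
    'secure="true" clientAuth="false" sslProtocol="TLS" '
    'keystoreFile="/path/to/mycert.pfx" keystoreType="PKCS12" '
    'keystorePass="your_PKCS12_password" />'
    '</Service></Server>'
)


def check_server_xml(text):
    """Return a list of findings for the TLS connectors in a server.xml string."""
    findings = []
    if any(ch in text for ch in CURLY_QUOTES):
        findings.append('typographic quotes found; attributes need plain " quotes')
    try:
        root = ET.fromstring(text)
    except ET.ParseError as exc:
        return findings + [f"server.xml is not well-formed XML: {exc}"]
    tls = [c for c in root.iter("Connector")
           if c.get("SSLEnabled", "").lower() == "true"]
    if not tls:
        findings.append('no Connector with SSLEnabled="true" (still commented out?)')
    for conn in tls:
        port = conn.get("port", "?")
        ks_file = conn.get("keystoreFile")
        ks_type = conn.get("keystoreType", "JKS").upper()  # Tomcat defaults to JKS
        if not ks_file:
            findings.append(f"port {port}: keystoreFile is missing")
            continue
        expected = EXPECTED_TYPE.get(PurePath(ks_file).suffix.lower())
        if expected and expected != ks_type:
            findings.append(
                f"port {port}: {ks_file} needs keystoreType={expected}, got {ks_type}")
        if not conn.get("keystorePass"):
            findings.append(f"port {port}: keystorePass missing, default is changeit")
    return findings


if __name__ == "__main__":
    print(check_server_xml(SAMPLE))  # valid connector
    print(check_server_xml(SAMPLE.replace(' keystoreType="PKCS12"', "")))  # type omitted
```

Run it against the contents of server.xml before restarting Tomcat; an empty list means none of these problems was found.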