
Installing pfx SSL certificate in tomcat 8.5 on windows

I have a wildcard pfx certificate with its intermediate certificate in p7b/crt format. Those certificates are installed on IIS 8.0. How to install those certificates in Tomcat 8.0? Tomcat is installed on Windows.

asked Nov 07 '17 12:11

Milind




2 Answers

I could do it successfully. As I mentioned, my certificate was installed on the IIS web server on Windows with its intermediate certificate, so I followed the steps below.

Step 1: Create a Microsoft Management Console (MMC) Snap-in for managing certificates

  1. Access the Search menu. In the search box, type mmc
  2. From the Microsoft Management Console (MMC), click File > Add/Remove Snap-in
  3. From the list of snap-ins, select Certificates
  4. Click Add
  5. Select Computer Account
  6. Click Next
  7. Select Local Computer (the computer this console is running on)
  8. Click Finish
  9. In the Add/Remove Snap-in window, click OK
  10. Save these console settings for future use

Step 2: Export/Back Up the certificate

  1. Open the Certificates (Local Computer) snap-in you added > select Personal > Certificates

  2. Right-click certificate name > select All Tasks > Export.

  3. The Certificate Export Wizard opens > click Next

  4. Select Yes, export the private key > click Next

  5. Select Personal Information Exchange

  6. Ensure to check only Include all certificates in the certificate path if possible > click Next

  7. Enter and confirm a password > click Next

  8. Choose a file name and location for the export file > click Next

  9. Click Finish

Step 3: Configure PKCS12 (.pfx) file on Tomcat server

  1. Open %TOMCAT_HOME%/conf/server.xml in an XML or text editor

  2. Find the following lines: (In my case, I could not find the lines below, so I jumped directly to point 4, added the whole tag to my server.xml and changed keystorefile and keystorePassword)

    <!-- <Connector port="8443" protocol="HTTP/1.1" SSLEnabled="true" maxThreads="150" scheme="https" secure="true" clientAuth="false" sslProtocol="TLS" /> -->

  3. Delete the comment markers at the beginning of the code (<!--) and at the end of the code (-->)

  4. Immediately after sslProtocol="TLS" and before />, add the following attributes:

    <Connector port="8443" protocol="HTTP/1.1" SSLEnabled="true" maxThreads="150" scheme="https" secure="true" clientAuth="false" sslProtocol="TLS" keystoreFile="/path/to/mycert.pfx" keystoreType="PKCS12" keystorePass="your_PKCS12_password" />

  5. Save server.xml

  6. Restart Tomcat

Hope it will help somebody :)

answered Nov 28 '22 19:11

Milind
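A check for the Step 3 connector, as an added example that is not part of the original answer: it parses the text of server.xml and reports the failure modes that step can hit (typographic quotes pasted from a web page, a connector left commented out, a .pfx keystore without `keystoreType="PKCS12"`). The function name `check_connector` and the sample documents are constructed for illustration.

```python
import xml.etree.ElementTree as ET

TYPOGRAPHIC = "\u201c\u201d\u2033\u2018\u2019"  # curly quotes and primes pasted from web pages
REQUIRED = ("keystoreFile", "keystoreType", "keystorePass")

def check_connector(server_xml):
    """Return a list of problems with the HTTPS <Connector> in server.xml text."""
    try:
        root = ET.fromstring(server_xml)
    except ET.ParseError as exc:
        problems = [f"not well-formed XML: {exc}"]
        for no, line in enumerate(server_xml.splitlines(), 1):
            if any(ch in TYPOGRAPHIC for ch in line):
                problems.append(f'line {no}: typographic quote, use a plain " instead')
        return problems
    # A commented-out connector is invisible to the parser, as it is to Tomcat.
    tls = [c for c in root.iter("Connector")
           if c.get("SSLEnabled", "").lower() == "true"]
    if not tls:
        return ['no <Connector> with SSLEnabled="true" (still commented out?)']
    problems = []
    for c in tls:
        where = f"Connector port={c.get('port', '?')}"
        for attr in REQUIRED:
            if not c.get(attr):
                problems.append(f"{where}: missing {attr}")
        path = c.get("keystoreFile", "").lower()
        ktype = c.get("keystoreType", "JKS").upper()  # Tomcat's default type is JKS
        if path.endswith((".pfx", ".p12")) and ktype != "PKCS12":
            problems.append(f'{where}: {path} needs keystoreType="PKCS12"')
    return problems

# Constructed samples: the connector from the answer inside a minimal <Server>.
WRAP = '<Server><Service name="Catalina">\n{}\n</Service></Server>'
BASE = ('<Connector port="8443" protocol="HTTP/1.1" SSLEnabled="true" '
        'scheme="https" secure="true" sslProtocol="TLS" ')
GOOD = WRAP.format(BASE + 'keystoreFile="/path/to/mycert.pfx" '
                   'keystoreType="PKCS12" keystorePass="your_PKCS12_password" />')
PASTED = WRAP.format(BASE + 'keystoreFile=\u201d/path/to/mycert.pfx\u201d '
                     'keystoreType=\u201dPKCS12\u2033 keystorePass="x" />')
NO_TYPE = WRAP.format(BASE + 'keystoreFile="/path/to/mycert.pfx" keystorePass="x" />')
COMMENTED = WRAP.format("<!-- " + BASE + "/> -->")

if __name__ == "__main__":
    for name in ("GOOD", "PASTED", "NO_TYPE", "COMMENTED"):
        print(name, check_connector(globals()[name]))
```

The keystore password sits in server.xml in clear text, so the file and the .pfx it points to should be readable only by the account that runs Tomcat.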


Please convert the PFX file into a Tomcat-compatible format. The command is given below:


    keytool -importkeystore -srckeystore server.pfx -srcstoretype pkcs12 -destkeystore tomcat.jks -deststoretype jks

The tomcat.jks file directives can be provided in the server.xml file of tomcat.

answered Nov 28 '22 19:11

Nick Desai