Installing pfx SSL certificate in tomcat 8.5 on windows

java windows tomcat openssl pfx
Milind picture Milind · Nov 7, 2017 · Viewed 24.1k times · Source

I have wild card pfx certificate with its Intermediate certificate in p7b/crt format. Those certificate are installed on IIS 8.0. How to install those certificates in tomcat 8.0? Tomcat is installed on windows

Answer

Milind picture Milind · Nov 13, 2017

I could do it successfully. As I have mentioned that my certificate was installed on IIS web server on windows with intermediate certificate. So I follow below steps

Step 1: Create a Microsoft Management Console (MMC) Snap-in for managing certificates

  1. Access the Search menu. In the search box, type mmc
  2. From the Microsoft Management Console (MMC), click File > Add/Remove Snap-in
  3. From the list of snap-ins, select Certificates
  4. Click Add
  5. Select Computer Account
  6. Click Next
  7. Select Local Computer (the computer this console is running on)
  8. Click Finish
  9. In the Add/Remove Snap-in window, click OK
  10. Save these console settings for future use

Step 2: Export/ Back Up the certificate

  1. Open the Certificates (Local Computer) snap-in you added > select Personal > Certificates

  2. Right-click certificate name > select All Tasks > Export.

  3. The Certificate Export Wizard opens > click Next

  4. Select Yes, export the private key > click Next

  5. Select Personal Information Exchange

  6. Ensure to check only Include all certificates in the certificate path if possible > click Next

  7. Enter and confirm a password > click Next

  8. Choose a file name and location for the export file > click Next

  9. Click Finish

Step 3: Configure PKCS12 (.pfx) file on Tomcat server

  1. Open %TOMCAT_HOME/conf/server.xml in XML or text editor

  2. Find the following lines: (In my case, I could not find below lines, So I directly jump to point 4 and add whole tag in my server.xml and change keystorefile and keystorePassword)

    <!-- <Connector port="8443" protocol="HTTP/1.1" SSLEnabled="true" maxThreads="150" scheme="https" secure="true" clientAuth="false" sslProtocol="TLS" /> -->

  3. Delete the comment markers at the beginning of the code (<!--) and at the end of the code (-->)

  4. Immediately after sslProtocol="TLS" and before />, add the following attributes:

    <Connector port="8443" protocol="HTTP/1.1" SSLEnabled="true" maxThreads="150" scheme="https" secure="true" clientAuth="false" sslProtocol="TLS" keystoreFile=”/path/to/mycert.pfx” keystoreType=”PKCS12″ keystorePass="your_PKCS12_password" />

  5. Save server.xml

  6. Restart Tomcat

Hope it will help somebody :)

Related questions

How do I increase memory on Tomcat 7 when running as a Windows Service?

I am trying to run Tomcat 7 as a Windows Service (XP and Windows 7). I see places to set the -Xmx and -Xms jvm args in catalina.bat, but I'm not sure how to do it when using $CATALINA_HOME/bin/…

Read More
How do you know if Tomcat Server is installed on your PC

I am using Windows 7 OS. I just installed jaspersoft server which installed Apache Tomcat and mysql as a bundle along with it. I go to http://localhost:8080 and theres a message that says webpage is not available. I am a …

Read More
specified JRE installation does not exist

I'm trying to launch a server on my tomcat 7 on my eclipse indigo EE and I get the following error: "'starting Tomcat v7.0 server at localhost' has encountered a problem. The specified JRE installation does not exist" I checked the …

Read More