How to Install Certificates on Tomcat KeyStore

Convert .PFX to JKS Keystore for Tomcat Server.

Using the pfx file in the IIS folder from your zip file, make sure to replace the domain-com with your own domain-name and 123456 with your own password:
keytool -importkeystore -srckeystore domain-com.pfx -srcstoretype pkcs12 -srcalias 1 -srcstorepass 123456 -destkeystore domain-com.jks -deststoretype jks -deststorepass 123456 -destalias server

Your keystore file (domain-com.jks) is now ready to be used on your Tomcat Server. Now, you need to configure your server to use it.

Note:
You must install the SSL Certificate file to the same keystore and under the same alias name (i.e. "server") that you used to generate your CSR. If you try to install it to a different keystore, the install command in the next step will not work.

Configuring your SSL Connector

Before Tomcat can accept secure connections, you need to configure an SSL Connector.

  1. In a text editor, open the Tomcat server.xml file. The server.xml file is usually located in the conf folder of your Tomcat's home directory.
  2. Locate the connector that you want to use the new keystore to secure. Usually, a connector with port 443 or 8443 is used, as shown in step 4.
  3. If necessary, uncomment the connector. To uncomment a connector, remove the comment tags (<!-- and -->).
  4. Specify the correct keystore filename and password in your connector configuration. When you are done, your connector should look something like this:
    <Connector <strong>port="443"</strong> maxHttpHeaderSize="8192" maxThreads="150" minSpareThreads="25" maxSpareThreads="75" enableLookups="false" disableUploadTimeout="true" acceptCount="100" scheme="https" secure="true" <strong>SSLEnabled="true"</strong> clientAuth="false" sslProtocol="TLS"<strong>keyAlias="server" keystoreFile="/home/user_name/domain-com.jks" keystorePass="123456"</strong> />
    Note: Replace the user_name in code with your username, domain-com with your own domain name, 123456 with your own password. If you are using a version of Tomcat prior to Tomcat 7, you need to change "keystorePass" to "keypass".
  5. Save your changes to the server.xml file.
  6. Restart Tomcat.
  • JKS, Tomcat
  • 1566 Users Found This Useful
Was this answer helpful?

Related Articles

Nginx SSL Installation Instructions

In Nginx webserver will the file in NGINX folder be used(which you find in the SSL zip file from...

Apache SSL Installation Instructions

Upload the SSL file in Apache folder which you downloaded from your account to /etc/ssl/. Open...