How to Install Certificates on Tomcat KeyStore

Convert .PFX to JKS Keystore for Tomcat Server.

Run the following command on the .pfx file found in the IIS folder of your zip file. Replace domain-com with your own domain name and 123456 with your own password:

    keytool -importkeystore -srckeystore domain-com.pfx -srcstoretype pkcs12 -srcalias 1 -srcstorepass 123456 -destkeystore domain-com.jks -deststoretype jks -deststorepass 123456 -destalias server

Your keystore file (domain-com.jks) is now ready to be used on your Tomcat Server. Now, you need to configure your server to use it.

You must install the SSL Certificate file to the same keystore and under the same alias name (i.e. "server") that you used to generate your CSR. If you try to install it to a different keystore, the install command in the next step will not work.

Configuring your SSL Connector

Before Tomcat can accept secure connections, you need to configure an SSL Connector.

  1. In a text editor, open the Tomcat server.xml file. The server.xml file is usually located in the conf folder of your Tomcat's home directory.
  2. Locate the connector that you want to secure with the new keystore. Usually, a connector with port 443 or 8443 is used, as shown in step 4.
  3. If necessary, uncomment the connector. To uncomment a connector, remove the comment tags (<!-- and -->).
  4. Specify the correct keystore filename and password in your connector configuration. When you are done, your connector should look something like this:
    <Connector port="443" maxHttpHeaderSize="8192" maxThreads="150" minSpareThreads="25" maxSpareThreads="75" enableLookups="false" disableUploadTimeout="true" acceptCount="100" scheme="https" secure="true" SSLEnabled="true" clientAuth="false" sslProtocol="TLS" keyAlias="server" keystoreFile="/home/user_name/domain-com.jks" keystorePass="123456" />
    Note: Replace user_name with your username, domain-com with your own domain name, and 123456 with your own password. If you are using a version of Tomcat prior to Tomcat 7, you need to change "keystorePass" to "keypass".
  5. Save your changes to the server.xml file.
  6. Restart Tomcat.
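
A check that can be run over server.xml before restarting Tomcat, added here as an example (it is not part of the original article or of Tomcat). It flags a TLS connector that still carries the placeholder password, a keyAlias that differs from the -destalias used in the conversion, or a missing keystoreFile; the function names and the sample XML are constructed for illustration.

```python
import os
import stat
import xml.etree.ElementTree as ET

# "123456" is this page's placeholder; "changeit" is the well-known Java/Tomcat default.
PLACEHOLDER_PASSWORDS = {"123456", "changeit"}

def audit_server_xml(xml_text, expected_alias="server"):
    """Return findings for each TLS-enabled <Connector> in a server.xml string."""
    findings = []
    for conn in ET.fromstring(xml_text).iter("Connector"):
        if conn.get("SSLEnabled", "").lower() != "true":
            continue  # plain HTTP or AJP connector, nothing to check here
        port = conn.get("port", "?")
        if not conn.get("keystoreFile"):
            findings.append(f"port {port}: keystoreFile is missing")
        if conn.get("keyAlias") != expected_alias:
            findings.append(f"port {port}: keyAlias is not '{expected_alias}'")
        # The note in step 4 says older Tomcat releases use keypass instead.
        password = conn.get("keystorePass") or conn.get("keypass")
        if not password:
            findings.append(f"port {port}: no keystore password attribute")
        elif password in PLACEHOLDER_PASSWORDS:
            findings.append(f"port {port}: keystore password is a placeholder/default")
        if conn.get("scheme") != "https" or conn.get("secure") != "true":
            findings.append(f"port {port}: scheme/secure not set for HTTPS")
    return findings

def readable_by_others(path):
    """True if group or other users can read the file (keystore or server.xml)."""
    return bool(os.stat(path).st_mode & (stat.S_IRGRP | stat.S_IROTH))

# Constructed sample: the connector from step 4 with the placeholders left in.
SAMPLE = """<Server><Service name="Catalina">
  <Connector port="8080" protocol="HTTP/1.1" redirectPort="443" />
  <Connector port="443" scheme="https" secure="true" SSLEnabled="true"
             clientAuth="false" sslProtocol="TLS" keyAlias="server"
             keystoreFile="/home/user_name/domain-com.jks" keystorePass="123456" />
</Service></Server>"""

if __name__ == "__main__":
    for finding in audit_server_xml(SAMPLE):
        print(finding)
```

Because server.xml holds the keystore password in clear text, readable_by_others is worth running against both server.xml and the .jks file on the server itself.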