Apache Tomcat SSL Certificate Import

      No Comments on Apache Tomcat SSL Certificate Import

In order to import a certificate to Tomcat it is not obligatory to create csr file from the same server. The csr can even be generated via IIS.

Only prerequisite is to import certificate to same server that csr is generated from. After having imported certificate, an export is generated from server in .pfx format.

IIS Manager -> Server -> Server Certificates -> Export

It is required to have openssl.exe on server. Navigate to path where openssl.exe is located via command prompt.

Then run a serie of two step commands given below in order to convert .pfx to .pem and .pem to .p12.

When “Enter PEM pass phrase” warning appeared, enter the password which had generated during certificate export operation.

openssl pkcs12 –in name_of_certificate.pfx –out name_of_certificate.pem

openssl pkcs12 -export -in name_of_certificate.pem -out name_of_certificate.p12 -name “name of certicifate defined by you”


After having converted .pfx file to .p12, newly generated .p12 certificate file is copied under Tomcat_Installation\Conf\SSL.

Server.xml file which is located in Tomcat_Installation\Conf path is edited like below.

Define keystoreFile=”” and keepass=””

Then, Tomcat service is restarted.

<Connector port=”443″ maxHttpHeaderSize=”131072″ maxThreads=”150″ minSpareThreads=”25″     maxSpareThreads=”75″ enableLookups=”false” disableUploadTimeout=”true”     acceptCount=”100″ scheme=”https” secure=”true” SSLEnabled=”true” clientAuth=”false”     sslProtocol=”TLS” keystoreType= “PKCS12″ keystoreFile=”D:\SAP\SAPBusinessObjects\Tomcat6\SSL\cert.p12”     keypass=”Password”/>

Leave a Reply

Your email address will not be published. Required fields are marked *