Tomcat SSL Keystore


Convert .PFX to JKS Keystore for Tomcat Server.


In a text editor, open the Tomcat server.xml file. The server.xml file is usually located in the conf.

Configuring Tomcat To Use SSL, Part I - The Keystore

Step 1 - Creating the Keystore. The first step to enabling SSL on your server is to create and edit this file.

Step 2 - Creating the Certificate Signing Request. Now that you've created your keystore, it's time to create a file.

Tomcat SSL or HTTPS Configuration Example

Secure Socket Layer (SSL) is a secure transfer protocol used for communication on the Internet using cryptographic methods. The main purpose of the SSL protocol is to guarantee that no one can tamper with the communication between a browser and the server where the web application is deployed.

A Step-By-Step Guide to Securing a Tomcat Server With LetsEncrypt or Any SSL Certificate

Step 1 - Prerequisites. Running CentOS system with sudo privileges shell access. A domain name registered and pointed to.

Step 2 - Install Certbot (O). The certbot package is provided by EPEL.

Import the root certificate into the keystore:
keytool -import -alias tomcat -keystore tomcat.keystore -trustcacerts -file <name of the root certificate>

Update the server.xml file with the correct keystore location in the Tomcat directory. The HTTPS connector is commented out by default.

Run the following command against the .pfx file in the IIS folder of your zip file, replacing domain-com with your own domain name and 123456 with your own password:
keytool -importkeystore -srckeystore domain-com.pfx -srcstoretype pkcs12 -srcalias 1 -srcstorepass 123456 -destkeystore domain-com.jks -deststoretype jks -deststorepass 123456 -destalias server

Your keystore file (domain-com.jks) is now ready to be used on your Tomcat Server. Now, you need to configure your server to use it.

You must install the SSL Certificate file to the same keystore and under the same alias name (i.e. 'server') that you used to generate your CSR. If you try to install it to a different keystore, the install command in the next step will not work.


Configuring your SSL Connector

Before Tomcat can accept secure connections, you need to configure an SSL Connector.

  1. In a text editor, open the Tomcat server.xml file. The server.xml file is usually located in the conf folder of your Tomcat's home directory.
  2. Locate the connector that you want to use the new keystore to secure. Usually, a connector with port 443 or 8443 is used, as shown in step 4.
  3. If necessary, uncomment the connector. To uncomment a connector, remove the comment tags (<!-- and -->).
  4. Specify the correct keystore filename and password in your connector configuration. When you are done, your connector should look something like this:
    <Connector port='443' maxHttpHeaderSize='8192' maxThreads='150' minSpareThreads='25' maxSpareThreads='75'
               enableLookups='false' disableUploadTimeout='true' acceptCount='100'
               scheme='https' secure='true' SSLEnabled='true' clientAuth='false' sslProtocol='TLS'
               keyAlias='server' keystoreFile='/home/user_name/domain-com.jks' keystorePass='123456' />
    Note: Replace user_name in the code with your username, domain-com with your own domain name, and 123456 with your own password. If you are using a version of Tomcat prior to Tomcat 7, you need to change 'keystorePass' to 'keypass'.
  5. Save your changes to the server.xml file.
  6. Restart Tomcat.
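
A check for the connector configured in step 4, as an added example rather than code from the original article: it parses server.xml and flags SSL connectors that still carry the tutorial's sample values (123456, user_name, domain-com) or lack the attributes shown above. The function names and the sample XML are constructed for illustration.

```python
import os
import stat
import xml.etree.ElementTree as ET

SAMPLE_PASSWORD = "123456"                       # password used in the tutorial
SAMPLE_PATH_PARTS = ("user_name", "domain-com")  # placeholders in its keystore path

def audit_server_xml(xml_text):
    """Return findings for every SSL-enabled <Connector> in server.xml."""
    root = ET.fromstring(xml_text)   # the parser drops commented-out connectors
    tls = [c for c in root.iter("Connector")
           if c.get("SSLEnabled", "").lower() == "true"]
    if not tls:
        return ["no SSL-enabled Connector found (still commented out?)"]
    findings = []
    for c in tls:
        where = "Connector port " + c.get("port", "?")
        if c.get("scheme") != "https" or c.get("secure") != "true":
            findings.append(f"{where}: scheme='https' and secure='true' not both set")
        path = c.get("keystoreFile", "")
        if not path:
            findings.append(f"{where}: keystoreFile is missing")
        for part in SAMPLE_PATH_PARTS:
            if part in path:
                findings.append(f"{where}: keystoreFile still contains '{part}'")
        password = c.get("keystorePass", c.get("keypass"))
        if password is None:
            findings.append(f"{where}: no keystorePass/keypass attribute")
        elif password == SAMPLE_PASSWORD:
            findings.append(f"{where}: keystore password is the tutorial's sample value")
    return findings

def file_mode_finding(path):
    """server.xml stores keystorePass in clear text; flag group/other access."""
    mode = stat.S_IMODE(os.stat(path).st_mode)
    return (f"{path}: mode {mode:o} exposes the keystore password to group/other"
            if mode & 0o077 else None)

# Constructed sample: a commented-out connector plus the tutorial's connector.
SAMPLE = """<Server><Service name='Catalina'>
  <!-- <Connector port='8443' SSLEnabled='true' scheme='https' secure='true' /> -->
  <Connector port='443' scheme='https' secure='true' SSLEnabled='true'
             clientAuth='false' sslProtocol='TLS' keyAlias='server'
             keystoreFile='/home/user_name/domain-com.jks' keystorePass='123456' />
</Service></Server>"""

if __name__ == "__main__":
    for finding in audit_server_xml(SAMPLE):
        print(finding)
```

Run `file_mode_finding` against the real server.xml path after saving it; a mode of 600 owned by the Tomcat service account returns no finding.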

An SSL certificate was required for one of our customers. The SSL certificate was to be used with a Tomcat server, but I decided to give the customer the flexibility to re-use this certificate on a different webserver if needed. This meant I used openssl to generate the certificate and then created a pkcs12 keystore.

Create the private key and certificate request

Create the certificate key

Remove the passphrase from the key

Create the Certificate request


Create the Keystore file for use with tomcat and keytool


I had some trouble getting this to work. This is a very simple procedure when working with certs signed by GoDaddy, but certs from Verisign needed some extra hand-holding. Some information on how to do this is found at

I did not follow the instructions on this site. I ended up creating a keystore in the pkcs12 format instead of the default jks format. The site above does have instructions for converting a pkcs12 keystore to a jks format, if you require.

The signed certificate was downloaded to The Secure Site with EV Root bundle was downloaded to intermediate.crt. When I first attempted to create the keystore file, I received the error below

Now the interesting thing about this error is that if you attempt an openssl verify using both the cert file and intermediate.crt, it does not complain and gives the "OK" message. After a bit of testing, I found that you need to make a new CAfile to be used, that combines the cacerts file from the openssl distribution and the intermediate.crt file.

This successfully created the keystore file. You can look at the contents of the keystore by running