How to Generate Keystore File for Tomcat
This article guides you through the steps to configure Tomcat to use HTTPS for secure communication (port 8443 in this example).
Note
This guide requires the keytool utility that is part of the Java runtime/SDK package.
Important
The .pfx file used in the following chapters must have a password set!
Generating Keystore
- Copy the pfx file to the server.
- Open a command prompt and navigate to the folder where the .pfx file is located.
Execute the following command to check the certificate in the .pfx:
keytool -list -v -keystore [.pfx name].pfx -storetype PKCS12 | more
For a non-wildcard certificate, execute this command to generate the keystore file by importing the certificate(s) and specifying the aliases:
keytool -importkeystore -srckeystore [.pfx name].pfx -srcstoretype pkcs12 -destkeystore keystore.jks -deststoretype JKS -srcalias [Alias name e.g.: le-webserver...] -destalias [key alias]
For a wildcard certificate, execute this command to generate the keystore file by importing the certificate(s):
keytool -importkeystore -srckeystore [.pfx name].pfx -srcstoretype pkcs12 -destkeystore keystore.jks -deststoretype JKS
Copy the created .jks file to the ...\Tomcat\Conf folder.
Open ...\Tomcat\conf\server.xml and modify the following part:
<Connector port="8443"
           protocol="org.apache.coyote.http11.Http11NioProtocol"
           acceptCount="200"
           maxThreads="300"
           SSLEnabled="true"
           scheme="https"
           secure="true"
           clientAuth="false"
           keystoreFile="[path to]\Tomcat\conf\keystore.jks"
           keystorePass="[keystore password]"
           keyPass="[keystore file password]"
           keyAlias="[Key alias]"
           SSLProtocol="TLS" />
Start the Tomcat apps. For Contact Expert this is done using CE Server Manager.
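The check step above (keytool -list -v) is where you find the alias to pass as -srcalias and decide between the wildcard and non-wildcard import command. The following Python script is an added example, not part of the original guide: it reads that output and reports each entry that holds a private key, whether its certificate is a wildcard, and when it expires. It assumes English keytool output saved as text; the sample output and the function names are constructed for illustration.

```python
import re

# Constructed, abridged sample of `keytool -list -v` output (not a real certificate).
SAMPLE = """\
Keystore type: PKCS12

Your keystore contains 2 entries

Alias name: le-webserver-example
Entry type: PrivateKeyEntry
Certificate chain length: 2
Certificate[1]:
Owner: CN=*.example.test
Valid from: Fri Jan 05 10:00:00 UTC 2024 until: Thu Apr 04 10:00:00 UTC 2024
Certificate[2]:
Owner: CN=Example Issuing CA, O=Example

Alias name: example-root
Entry type: trustedCertEntry
Owner: CN=Example Root CA, O=Example
"""

def parse_entries(text):
    """Return alias, entry type, leaf CN and leaf expiry for each keystore entry."""
    entries = []
    for block in re.split(r"(?m)^Alias name: ", text)[1:]:
        lines = block.splitlines()
        def first(label):
            # The first match in a block belongs to the leaf, Certificate[1].
            return next((l[len(label):].strip() for l in lines if l.startswith(label)), None)
        cn = re.search(r"CN=([^,]+)", first("Owner: ") or "")
        valid = first("Valid from: ") or ""
        entries.append({"alias": lines[0].strip(), "type": first("Entry type: "),
                        "cn": cn.group(1).strip() if cn else None,
                        "until": valid.partition(" until: ")[2] or None})
    return entries

def key_entries(entries):
    """Only a PrivateKeyEntry holds the private key Tomcat needs behind keyAlias."""
    return [e for e in entries if e["type"] == "PrivateKeyEntry"]

def is_wildcard(entry):
    """True when the leaf CN is a wildcard name (subject alternative names are not checked)."""
    return bool(entry["cn"]) and entry["cn"].startswith("*.")

if __name__ == "__main__":
    for e in key_entries(parse_entries(SAMPLE)):
        kind = "wildcard" if is_wildcard(e) else "non-wildcard"
        print(f"-srcalias {e['alias']}  ({kind}, valid until {e['until']})")
```

If no entry of type PrivateKeyEntry is reported, the .pfx holds only certificates and the resulting keystore cannot serve HTTPS from Tomcat.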