
Move a certificate from Apache to Tomcat


Export certificate from Apache

Import certificate into Tomcat

Export certificate from Apache to Tomcat


To move a certificate from Apache to Tomcat, do the following:

1. Switch the Certificate from Apache format to Tomcat 5.x format by issuing the following command using OpenSSL:

openssl pkcs12 -export -in YourThawteSSLCert.crt -inkey YourPrivateKey.key -out mycert.p12 -name tomcat -CAfile YourIntermediateCertificate.cer -caname root -chain

YourIntermediateCertificate.cer is the Thawte Intermediate CA available for download here: INFO1384

YourThawteSSLCert.crt is your current openssl certificate.

YourPrivateKey.key is your current private key.
The exported keystore will be in 'mycert.p12' 
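
The following shell functions are an added example, not part of the original article: they wrap the export command above with a check that the private key matches the certificate and a check that the resulting keystore opens and holds the "tomcat" entry. The function names and the P12_PASS environment variable are assumptions made for this example, and the Apache private key is assumed to have no passphrase.

```shell
#!/bin/sh
# Added example; function names and file names are assumptions, not from the article.
# The keystore password is read from the environment variable P12_PASS so it never
# appears on a command line. Assumes the Apache private key has no passphrase.

# key_matches_cert KEY CERT: succeed only if both carry the same public key.
key_matches_cert() {
    key_pub=$(openssl pkey -in "$1" -pubout 2>/dev/null) || return 2
    crt_pub=$(openssl x509 -in "$2" -noout -pubkey 2>/dev/null) || return 2
    [ "$key_pub" = "$crt_pub" ]
}

# p12_usable P12: succeed only if the keystore opens with P12_PASS and contains
# a certificate under the alias "tomcat" plus a private key.
p12_usable() {
    certs=$(openssl pkcs12 -in "$1" -passin env:P12_PASS -nokeys 2>/dev/null) || return 1
    printf '%s\n' "$certs" | grep -q 'BEGIN CERTIFICATE' || return 1
    printf '%s\n' "$certs" | grep -q 'friendlyName: tomcat' || return 1
    # The key is re-encrypted on output (-passout), so it is never printed in the clear.
    openssl pkcs12 -in "$1" -passin env:P12_PASS -passout env:P12_PASS -nocerts \
        2>/dev/null | grep -q 'PRIVATE KEY'
}

# export_for_tomcat KEY CERT INTERMEDIATE OUT: the article's export command,
# refused when key and certificate do not match, written with owner-only permissions.
export_for_tomcat() {
    key_matches_cert "$1" "$2" || { echo "key does not match certificate" >&2; return 1; }
    ( umask 077
      openssl pkcs12 -export -in "$2" -inkey "$1" -out "$4" -name tomcat \
          -CAfile "$3" -caname root -chain -passout env:P12_PASS ) || return 1
    p12_usable "$4"
}
```

Export P12_PASS in the shell first, then call export_for_tomcat YourPrivateKey.key YourThawteSSLCert.crt YourIntermediateCertificate.cer mycert.p12; the same password goes into keystorePass in server.xml.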

Configuring Tomcat to use the new p12 file

1.  Open %TOMCAT_HOME%/conf/server.xml in an XML or text editor
2.  Uncomment the SSL Connector if it is not uncommented already
3.  Add the following attributes:

keystoreFile="c:\PATH TO CERT.p12" keystorePass="PASSWORD HERE" keystoreType="PKCS12"

4.  Restart Tomcat

Point the browser to https://localhost:8443. If it doesn't load, look in the log files to identify the problem.

Note: PKCS12 keystore type is only supported with JDK 1.5.x+

If this fails and you cannot get Tomcat to use the Apache key and certificate, you will need to generate a new key and CSR for Tomcat and replace your certificate directly for the Tomcat software, as shown in solution: SO470