Solution ID : SO13682

Last Modified : 05/02/2018

Move a certificate from Apache to Tomcat

Problem

Export certificate from Apache

Import certificate into Tomcat

Export certificate from Apache to Tomcat

Solution

To move a certificate from Apache to Tomcat please do the following:

1. Convert the certificate from Apache format to Tomcat 5.x format by running the following OpenSSL command:

openssl pkcs12 -export -in YourThawteSSLCert.crt -inkey YourPrivateKey.key -out mycert.p12 -name tomcat -CAfile YourIntermediateCertificate.cer -caname root -chain


 
YourIntermediateCertificate.cer is the Thawte Intermediate CA available for download here: INFO1384

YourThawteSSLCert.crt is your current openssl certificate.

YourPrivateKey.key is your current private key.
 
The exported keystore will be in 'mycert.p12' 
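
A wrapper around the export step above, added here as an example and not part of the original solution: it refuses to export a certificate and key that do not belong together, writes the .p12 with owner-only permissions, and confirms the result opens and carries the tomcat alias. The function names and the P12_PASS environment variable are assumptions, and the private key is assumed to be unencrypted PEM.

```shell
#!/bin/sh
# Added example (not from the original solution). Function names and the
# P12_PASS variable are hypothetical; file names are the page's placeholders.
# Usage: export P12_PASS, then
#   apache_to_tomcat_p12 YourThawteSSLCert.crt YourPrivateKey.key \
#       YourIntermediateCertificate.cer mycert.p12

# Return 0 only if the certificate and the private key hold the same public key.
cert_matches_key() {
    cert_pub=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) || return 2
    key_pub=$(openssl pkey -in "$2" -pubout 2>/dev/null) || return 2
    [ -n "$cert_pub" ] && [ "$cert_pub" = "$key_pub" ]
}

# Run the page's export command. The keystore password is read from the
# P12_PASS environment variable so it does not appear on the command line.
export_p12() {  # args: cert key intermediate out
    ( umask 077  # the .p12 contains the private key: owner-only permissions
      openssl pkcs12 -export -in "$1" -inkey "$2" -out "$4" -name tomcat \
          -CAfile "$3" -caname root -chain -passout env:P12_PASS )
}

# Print how many certificates the keystore holds. Fails if the keystore
# cannot be opened with P12_PASS or lacks the "tomcat" alias.
p12_cert_count() {
    listing=$(openssl pkcs12 -in "$1" -nokeys -passin env:P12_PASS 2>/dev/null) || return 1
    printf '%s\n' "$listing" | grep -q 'friendlyName: tomcat' || return 1
    printf '%s\n' "$listing" | grep -c 'BEGIN CERTIFICATE'
}

# Full sequence: check the pair, export, then verify the result.
apache_to_tomcat_p12() {  # args: cert key intermediate out
    cert_matches_key "$1" "$2" || { echo "certificate and key do not match" >&2; return 1; }
    export_p12 "$1" "$2" "$3" "$4" || { echo "export failed" >&2; return 1; }
    p12_cert_count "$4" >/dev/null || { echo "keystore failed verification" >&2; return 1; }
}
```

The value of P12_PASS is the password that later goes into keystorePass in server.xml.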
 
Configuring Tomcat to use the new p12 file

1.  Open %TOMCAT_HOME%/conf/server.xml in an XML or text editor
2.  Uncomment the SSL Connector if it is not uncommented already
3.  Add the following attributes:

keystoreFile="c:\PATH TO CERT.p12" keystorePass="PASSWORD HERE"
keystoreType="PKCS12"

4.  Restart Tomcat

Point the browser to https://localhost:8443. If it doesn’t load, look in the log files to identify the problem.

Note: PKCS12 keystore type is only supported with JDK 1.5.x+

If this fails and you cannot get Tomcat to use the Apache key and certificate, you will need to generate a new key and CSR for Tomcat and replace your certificate directly for the Tomcat software, as shown in solution: SO470