Ask a Question

Solution ID : SO25397

Last Modified : 05/02/2018

How to move an SSL certificate from Microsoft IIS 6.0, 7.x or 8.0 to Tomcat server

Problem

Move a certificate from Microsoft IIS 6.0, 7.x or 8.0 to Tomcat server.

Solution

To install an SSL certificate from Microsoft IIS 6.0, 7.x or 8.0 to Tomcat server, perform the following steps.

Step 1:  Export the certificate from IIS as a .PKCS12 (.pfx file)

  • Export the certificate along with the private key from IIS 6.0, 7.x or 8.0. Refer to Solution ID: SO25399
     

Step 2:  Configure PKCS12 (.pfx) file on Tomcat server

  1. Open %TOMCAT_HOME/conf/server.xml in XML or text editor
  2. Find the following lines:

    <!--
    <Connector port="8443" protocol="HTTP/1.1" SSLEnabled="true"
    maxThreads="150" scheme="https" secure="true"
    clientAuth="false" sslProtocol="TLS" />
    -->

     
  3. Delete the comment markers at the beginning of the code (<!--) and at the end of the code (-->)
  4. Immediately after sslProtocol="TLS" and before />,  add the following attributes:

    <Connector port="8443" protocol="HTTP/1.1" SSLEnabled="true"
    maxThreads="150" scheme="https" secure="true"
    clientAuth="false" sslProtocol="TLS"
    keystoreFile="/path/to/mycert.pfx"
    keystoreType="PKCS12"
    keystorePass="your_PKCS12_password" />

     
  5. Save server.xml
  6. Restart Tomcat