Ask a Question

How to move an SSL certificate from Microsoft IIS 6.0, 7.x or 8.0 to Tomcat server

Solution

To install an SSL certificate from Microsoft IIS 6.0, 7.x or 8.0 to Tomcat server, perform the following steps.

Step 1:  Export the certificate from IIS as a .PKCS12 (.pfx file)

  • Export the certificate along with the private key from IIS 6.0, 7.x or 8.0. Refer to Solution ID: SO25398
     

Step 2:  Configure PKCS12 (.pfx) file on Tomcat server

  1. Open %TOMCAT_HOME/conf/server.xml in XML or text editor
  2. Find the following lines:

    <!--
    <Connector port="8443" protocol="HTTP/1.1" SSLEnabled="true"
    maxThreads="150" scheme="https" secure="true"
    clientAuth="false" sslProtocol="TLS" />
    -->

     
  3. Delete the comment markers at the beginning of the code (<!--) and at the end of the code (-->)
  4. Immediately after sslProtocol="TLS" and before />,  add the following attributes:

    <Connector port="8443" protocol="HTTP/1.1" SSLEnabled="true"
    maxThreads="150" scheme="https" secure="true"
    clientAuth="false" sslProtocol="TLS"
    keystoreFile=”/path/to/mycert.pfx”
    keystoreType=”PKCS12″
    keystorePass="your_PKCS12_password" />

     
  5. Save server.xml
  6. Restart Tomcat