Knowledge Base

Solution

To install an SSL certificate from Microsoft IIS 5, 6, 7 or 8 to Tomcat server, perform the following steps.

Step 1:  Export the certificate from IIS as a PKCS12 (.pfx file)

• Click here for steps to export the certificate along with the private key from IIS 5, 6, 7 or 8
   

Step 2:  Configure PKCS12 (.pfx) file on Tomcat server

1. Open %TOMCAT_HOME/conf/server.xml in XML or text editor
2. Find the following lines:
   
   <!--
   <Connector port="8443" protocol="HTTP/1.1" SSLEnabled="true"
   maxThreads="150" scheme="https" secure="true"
   clientAuth="false" sslProtocol="TLS" />
   -->
    
3. Delete the comment markers at the beginning of the code (<!--) and at the end of the code (-->)
4. Immediately after sslProtocol="TLS" and before />,  add the following attributes:
   
   <Connector port="8443" protocol="HTTP/1.1" SSLEnabled="true"
   maxThreads="150" scheme="https" secure="true"
   clientAuth="false" sslProtocol="TLS"
   keystoreFile=”/path/to/mycert.pfx”
   keystoreType=”PKCS12″
   keystorePass="your_PKCS12_password" />
    
5. Save server.xml
6. Restart Tomcat