Question

So I have a customer that has a PFX wildcard certificate for his organization, *.company.com. I need to get the certificate into the Tomcat keystore for our software that uses Tomcat Apache 7. Do I need to convert this PFX file to PEM files in order to do this?

It confuses me more because I'm so used to doing SSL just with creating the keystore, generating the CSR, submitting, and installing but since the first three steps are done now I just don't want to screw up the keystore (obviously will make a backup).

Any help would be great, feel free to ask me more questions though as I'm sure I left out important details.


Solution

Found some documentation around the web, and some pointed to having to extract the keys out of the PFX/PKCS12 format and convert to JKS (Java Keystore). But I also saw some documentation that suggests just entering the PFX file as the keystore file. So I tried that and it worked.

keystoreFile="certificate.pfx" keystorePass="yourpassword" keystoreType="PKCS12"

It's important to set PKCS12 as the keystore type as by default I believe Tomcat is looking for JKS formats.

Hope this helps someone out in the future.

OTHER TIPS

Tomcat does not allow blank password certs so if you have a cert with a blank password (i.e. certify the web) you need to follow the directions here to add a password.

https://community.digicert.com/en/forums.topic.html/change-password-for-pfx-file.html
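
An added example, not part of the original posts: a small check that reads a server.xml and reports TLS connectors that point at a .pfx/.p12 file without keystoreType="PKCS12", or that carry a blank keystorePass, the two failure cases described above. The sample XML, ports, file paths and the function name audit_connectors are constructed for illustration.

```python
import xml.etree.ElementTree as ET

# Constructed sample server.xml fragment (not from the original post).
SAMPLE_SERVER_XML = """
<Server>
  <Service name="Catalina">
    <Connector port="8080" protocol="HTTP/1.1"/>
    <Connector port="8443" SSLEnabled="true" scheme="https" secure="true"
               keystoreFile="conf/certificate.pfx" keystorePass="yourpassword"/>
    <Connector port="9443" SSLEnabled="true" scheme="https" secure="true"
               keystoreFile="conf/blank.p12" keystorePass="" keystoreType="PKCS12"/>
    <Connector port="10443" SSLEnabled="true" scheme="https" secure="true"
               keystoreFile="conf/certificate.pfx" keystorePass="yourpassword"
               keystoreType="PKCS12"/>
  </Service>
</Server>
"""

PKCS12_EXTENSIONS = (".pfx", ".p12")


def audit_connectors(server_xml):
    """Return (port, problem) pairs for TLS connectors that would fail to load a PFX."""
    findings = []
    for conn in ET.fromstring(server_xml).iter("Connector"):
        if conn.get("SSLEnabled", "false").lower() != "true":
            continue  # plain HTTP connector, no keystore involved
        port = conn.get("port", "?")
        keystore = conn.get("keystoreFile", "")
        # Per the answer above, Tomcat assumes JKS when keystoreType is not set.
        ks_type = conn.get("keystoreType", "JKS").upper()
        if keystore.lower().endswith(PKCS12_EXTENSIONS) and ks_type != "PKCS12":
            findings.append((port, "PKCS12 file but keystoreType is " + ks_type))
        # Per the tip above, a blank keystore password is not accepted.
        if conn.get("keystorePass") == "":
            findings.append((port, "blank keystorePass"))
    return findings


if __name__ == "__main__":
    for port, problem in audit_connectors(SAMPLE_SERVER_XML):
        print("Connector port %s: %s" % (port, problem))
```
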

Licensed under: CC-BY-SA with attribution
Not affiliated with StackOverflow