Importing existing SSL key and certificate for tomcat

  1. Convert key and cert to a single pkcs12 format.

    openssl pkcs12 -export -inkey <pathto>/key.txt -in <pathto>/cert.txt -out cert.pkcs12

  2. Remove existing tomcat aliased PrivateKeyEntry from cacerts.

    keytool -delete -alias tomcat -keystore <pathto>/cacerts

  3. Use java-1.6 keytools to import PKCS12 keystoretype into existing cacerts keystore file.

    keytool -importkeystore -destkeystore cacerts -srckeystore cert.pkcs12 -srcstoretype PKCS12

  4. Note the alias of the newly imported PrivateKeyEntry, which would normally be 1.

    keytool -list -keystore <pathto>/cacerts | grep PrivateKeyEntry

  5. Change the alias to tomcat.

    keytool -changealias -alias 1 -destalias tomcat -keystore <pathto>/cacerts

Comment viewing options

Select your preferred way to display the comments and click "Save settings" to activate your changes.


This was helpful!