
SSL enabling in Tomcat Windows server

Question:

I want to enable HTTPS on my website, which is on Windows Server 2008 and Tomcat 7. I have the following files from a certificate website: .ca, .crt, .pem, .csr, .pkcs

I know that I have to add the following in Tomcat's server.xml:

<Connector port="8443" protocol="HTTP/1.1" SSLEnabled="true" maxThreads="150" scheme="https" secure="true" clientAuth="false" sslProtocol="TLS" keystoreFile="/path/to/Tomcat/keystore.jks" keystorePass="password" />

How do I get that .jks from those files?

Answer1:

If you're using the newest version of Tomcat 7, you can install the certificate in the Windows secure keystore (cert manager) and refer to it in the server.xml. In this way you don't need to worry about having the SSL certificate and the passphrase on the physical disk.

To install the cert in the cert manager, double-click the certificate pfx file and follow the wizard steps. You can extract the pfx (refer to https://www.sslshopper.com/article-most-common-openssl-commands.html?jn554906de).

This feature is available in Tomcat version 7.0.52 or above.

<Connector port="8443" protocol="org.apache.coyote.http11.Http11NioProtocol" SSLEnabled="true" maxThreads="150" scheme="https" secure="true" keyAlias="<alias of the cert>" keystoreFile="" keystoreType="Windows-My" clientAuth="false" sslProtocol="TLS" keepAliveTimeout="200000" />

Answer2:

Convert your .pem to a .jks: see https://docs.oracle.com/cd/E35976_01/server.740/es_admin/src/tadm_ssl_convert_pem_to_jks.html
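
The PEM-to-JKS conversion that Answer2 points to, written out as an added example (it is not part of either answer). It assumes openssl and the JDK's keytool are on the PATH; the file names and the alias are placeholders for your own files.

```powershell
# Added example. File names and alias are assumptions, not taken from the question.
$key   = 'server.key'     # private key created when the .csr was generated
$cert  = 'server.crt'     # issued server certificate, PEM
$chain = 'ca-bundle.crt'  # intermediate/root CA certificates, PEM
$alias = 'tomcat'
$p12   = 'keystore.p12'   # temporary PKCS#12 bundle
$jks   = 'keystore.jks'   # the file keystoreFile in server.xml points to

function Assert-Ok($step) {
    # Native tools report failure through the exit code, not an exception.
    if ($LASTEXITCODE -ne 0) { throw "$step failed (exit code $LASTEXITCODE)" }
}

# 1. The key must belong to the certificate: compare the two public keys.
$certPub = (& openssl x509 -in $cert -noout -pubkey) -join "`n"
Assert-Ok 'reading certificate'
$keyPub = (& openssl pkey -in $key -pubout) -join "`n"
Assert-Ok 'reading private key'
if ($certPub -ne $keyPub) { throw "$key does not belong to $cert" }

# 2. Bundle key, certificate and CA chain into PKCS#12. openssl prompts for
#    the export password, so it never appears in this script or in the
#    process command line.
& openssl pkcs12 -export -inkey $key -in $cert -certfile $chain -name $alias -out $p12
Assert-Ok 'PKCS#12 export'

# 3. Convert PKCS#12 to JKS. keytool prompts for both passwords; entering the
#    same one keeps the key password equal to the keystore password, so the
#    single keystorePass attribute of the Connector opens both.
& keytool -importkeystore -srckeystore $p12 -srcstoretype PKCS12 -srcalias $alias `
    -destkeystore $jks -deststoretype JKS -destalias $alias
Assert-Ok 'JKS import'

# 4. Inspect the result. The entry type printed must be PrivateKeyEntry;
#    trustedCertEntry means only a certificate was imported and Tomcat
#    will not be able to serve TLS with it.
& keytool -list -keystore $jks -alias $alias
Assert-Ok 'keystore listing'

# 5. The temporary bundle also contains the private key: remove it.
Remove-Item $p12
```

Set keyAlias in the Connector to the alias chosen here if the keystore holds more than one entry.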
