The only thing you have to do is running the java keytool utily with following command:
keytool -import -alias tomcat -keystore server.ks -trustcacerts -file server.crt This inserts thet server.crt certificate into the keystore that tomcat uses. Your CA scertificate needs to be in the trusted keystore of your JRE under which Tomcat runs. If this is not the case put it in there as follows: keytool -import -keystore %JAVA_HOME%/lib/security/cacerts -file ca.pem -alias my_alias This inserts the root certificate ca.pem into the trusted keystore of the JRE being used. This should work. Ron Blom