Elavarasan,
On 10/6/23 06:32, Elavarasan Pugazhendi wrote:
> Hi,
> I have a pfx certificate and am trying to import it into a keystore before
> configuring it within the tomcat but not able to add the pfx certificate. I
> followed the below steps but wasn't able to add the certificate
>
> Tomcat: 9.0.62
> OS: RHEL 8
>
> 1. keytool -genkey -alias tomcat.net -keyalg RSA -keystore tomcat.jks
> Entered the Q&A.
> 2. Using the pfx file. I create .crt and .key file using the below command
> openssl pkcs12 -in crt.pfx -nocerts -out mykey.key
> openssl pkcs12 -in crt.pfx -clcerts -nokeys -out mycert.crt
> 3. export certificate
> openssl pkcs12 -export -in mykey.key -chain -CAfile crt.pfx -name otomcat.net -out tomcat.jks

This last one won't work, at least not the way you expect. openssl can't
create a JKS file, only PKCS12 / p12 / pfx. By using the openssl pkcs12
-export command above, you will likely destroy your tomcat.jks file or
just get a failure.

It's not entirely clear what you are trying to do. Are you trying to
create a self-signed certificate, or are you trying to get your server
certificate signed by a Certificate Authority?

If you just need a self-signed cert, then your first command should be
sufficient -- just remember to set certificateAlias="tomcat.net" if you
use that alias when creating your initial file. I would recommend using
a PKCS12 file when originally creating the keystore, just because JKS
isn't supported by anything other than Java. All you need to do is make
sure you have "-keystoretype PKCS12". With your version of Java, that
may be the default already, but it doesn't hurt to be specific.

-chris
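
Added example (not part of the original messages, and not Tomcat or OpenSSL code): one way to check the situation the reply describes, where a file named tomcat.jks no longer holds JKS data after an `openssl pkcs12 -export` run. It classifies a file by its leading bytes; the function names and sample byte strings are constructed for illustration.

```python
# Added example: classify keystore bytes by their leading bytes.
JKS_MAGIC = bytes.fromhex("feedfeed")      # Java JKS keystore
JCEKS_MAGIC = bytes.fromhex("cececece")    # Java JCEKS keystore
PFX_VERSION = bytes.fromhex("020103")      # DER INTEGER 3, first field of a PKCS12 PFX


def _der_header_len(data):
    """Bytes taken by the outer tag and length octets, or None if malformed."""
    if len(data) < 2:
        return None
    length_octet = data[1]
    if length_octet <= 0x80:          # short form, or 0x80 = BER indefinite length
        return 2
    extra = length_octet & 0x7F       # long form: this many length octets follow
    return 2 + extra if extra <= 4 and len(data) >= 2 + extra else None


def keystore_format(data):
    if data[:4] == JKS_MAGIC:
        return "JKS"
    if data[:4] == JCEKS_MAGIC:
        return "JCEKS"
    # openssl pkcs12 (without -export) writes "Bag Attributes" text before the
    # PEM block, so look for the marker anywhere in the first few KiB.
    if b"-----BEGIN " in data[:4096]:
        return "PEM"
    if data[:1] == b"\x30":           # ASN.1 SEQUENCE
        hdr = _der_header_len(data)
        if hdr is not None and data[hdr:hdr + 3] == PFX_VERSION:
            return "PKCS12"
        return "DER, not PKCS12"
    return "unknown"


def name_matches_content(filename, data):
    """False when a .jks name holds non-JKS data, or .p12/.pfx holds non-PKCS12."""
    fmt = keystore_format(data)
    lower = filename.lower()
    if lower.endswith(".jks"):
        return fmt == "JKS"
    if lower.endswith((".p12", ".pfx")):
        return fmt == "PKCS12"
    return True


# Constructed sample headers (not real keystores): magic/version bytes only.
SAMPLE_JKS = bytes.fromhex("feedfeed0000000200000001")
SAMPLE_P12 = bytes.fromhex("30820a2f0201033082")
SAMPLE_PEM = b"Bag Attributes\n    friendlyName: tomcat.net\n-----BEGIN CERTIFICATE-----\n"
```

To use it on a real file, pass `open(path, "rb").read(4096)` as `data`.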