POKE ME IN THE EYE!  Two days of searching though every article in the world with scattered bits and pieces of a total solution that really does not require much.  So let me save you the headache.

This article applies to you if:

1)You have a certificate that is or can be exported in the .pfx or .p12 format and you know the private key password
2)You have and apache tomcat web server where you need to import the certificate for SSL

Okay, so here goes...

1) Obtain the .pfx file from you IIS server, Exchange Server, or whatever by going to the certificates snap-in, right click on the cert under the Computer's Personal Store (Certificates Snapin MMC --> Local Computer).

2) You always can tell if it is in the correct format to be exported in this way because it will have the key in the icon:


4) Answer yes when asked if you want to export private key

5) Probably don't want to delete private key after if you will ever need to do this again.

6) You will be asked to for the private key password, you should have that in your records.

7) Finish the wizard and go get your .pfx file.

8) To convert to a .p12, simply change the extention from .pfx to .p12 (yes, that works).

9) Copy it over to the Apache Tomcat server.  Let use the example of d:\Cert\YOURCERTFILE.P12.

10) In your server.xml file in the "conf" folder on Tomcat, find the Connector port section, you will need the following changes:

11) Restart Tomcat

Please Click the link below to submit questions:

Submit a Question


Written by Koren M. Archibald of WTI Networks