Hello list, I'm trying to install the certificates I bought from GoDaddy into my Tomcat server, however so far I've been unsuccessful to achieve this.
My system specs are: OS: Amazon Linux (fully updated) Tomcat version: 8.0.32, installed from the repos Java version: $ java -version openjdk version "1.8.0_91" OpenJDK Runtime Environment (build 1.8.0_91-b14) OpenJDK 64-Bit Server VM (build 25.91-b14, mixed mode) To install the certificates I followed this tutorial from GoDaddy website: https://ar.godaddy.com/help/tomcat-generate-csrs-and-install-certificates-5239 which explains how to create a KeyStore and configure the <Connector> in the server.xml file. Now, judging from the official Tomcat documentation in https://tomcat.apache.org/tomcat-8.0-doc/ssl-howto.html it's stated that I first need to conver the .crt files provided by GoDaddy to PKCS12 format -- I wonder then why the instructions in GoDaddy's website state other thing! But then I read this piece of documentation that left me completely bewildered: To import an existing certificate signed by your own CA into a PKCS12 keystore using OpenSSL you would execute a command like: openssl pkcs12 -export -in mycert.crt -inkey mykey.key -out mycert.p12 -name tomcat -CAfile myCA.crt -caname root -chain In this example there's a reference to a 'mykey.key' file that I don't have a clue how to obtain it or from where it comes since when I download the certificates provided by GoDaddy, there's no such .key file: I can download several different types of certificates in .crt format but there isn't any .key file to download. I tried contacting their support and well, they weren't any helpful at all, they pointed me to the repository where all the certificates are stored and told me to 'find someone that knows how to handle them' -- thanks for nothing :( Finally I want to say that I have Tomcat running smooth at port 8080, I even configured an administrator user to access the status page which works perfectly, my problem is that I just can't find how to properly install and configure the SSL. What I'm not sure though is what part or steps I'm missing, I believe this has to be much more simpler that it's been so far for me but seriously I can't wrap my mind around it. Thank you very much for taking the time to read this n00b's help scream. Best regards, -Conor
