Hello Ahmed, I have always used keytool on the web host. Can I run OpenSSL on another client and send the key to the webhost or does OpenSSL have to run on the webhost?
________________________________ From: Ahmed Ashour <asash...@yahoo.com.INVALID> Sent: Wednesday, October 9, 2024 8:01 AM To: users@tomcat.apache.org <users@tomcat.apache.org> Subject: Re: SSL on Tomcat 9 [You don't often get email from asash...@yahoo.com.invalid. Learn why this is important at https://aka.ms/LearnAboutSenderIdentification ] Hi, On windows, one can use OpenSSL to export the private key and certificate to .p12, then import that to the key store. openssl pkcs12 -export -in fullchain.pem -inkey privatekey.pem -out server.p12 -name tomcatkeytool -importkeystore -deststorepass changeit -destkeystore localhost-rsa.jks -srckeystore server.p12 -srcstoretype PKCS12 -srcstorepass changeit -alias tomcat Similar posts in https://nam12.safelinks.protection.outlook.com/?url=https%3A%2F%2Fppm.softtek.com%2Fitg%2Fpdf%2Fmanual%2FContent%2FSA%2FInstallAdmin%2Fimport_existing_SSL.htm&data=05%7C02%7Crboyer%40summitcountyutah.gov%7Ca23b98c0ea3b4e2f4d9a08dce86b052d%7C497f0086ed7845149cc43715b1894e4e%7C0%7C0%7C638640793572493089%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C0%7C%7C%7C&sdata=QH2sqNJnnDXp%2FUWLKCk0qb4T5GxoxamgRXtAPc6Qwto%3D&reserved=0<https://ppm.softtek.com/itg/pdf/manual/Content/SA/InstallAdmin/import_existing_SSL.htm> and How to import an existing SSL certificate for use in Tomcat | Atlassian Support | Atlassian Documentation | | | | How to import an existing SSL certificate for use in Tomcat | Atlassian ... | | | Hope that helps,Ahmed On Wednesday, October 9, 2024 at 03:47:49 PM GMT+2, Ron Boyer <rbo...@summitcountyutah.gov> wrote: hello, I am trying to renew the SSL certificate from a signing authority. I am running Tomcat 9. I understand that I have to import PKCS #12 certificate. I seem to be able to make one, but I don't think it is correct. My signing authority, GoDaddy, will let me download a crt and pem file. From the server.xml file I see there is only one entry that points to the keystore of a PKCS #12 key. I don't know whether I need to import the certificate with keytool or using the certificate snap-in with Windows Management Console. Any advice?
