#Tomcat 8 ssl configuration password
If the password contains &, replace it with & to avoid configuration failure.Īn example command is provided as follows: Enter the password of the JKS certificate and press Enter.Keytool -importkeystore -srckeystore server.pfx -destkeystore server.jks -srcstoretype PKCS12 -deststoretype JKS In the %JAVA_HOME%/jdk/bin directory, run the following command and press Enter:.Copy the server.pfx file generated in 2 to the %JAVA_HOME%/jdk/bin directory.Use Keytool to convert the PFX certificate into a JKS certificate and obtain the server.jks file.If no error information is displayed, the server.pfx file has been generated in the OpenSSL installation directory. Must contain at least three types of the following characters: uppercase letters, lowercase letters, digits, and special characters Re-enter the password of the PFX certificate and press Enter.
To improve password security, set the password based on the following rules: Otherwise, the Tomcat service may fail to start. The password of the JKS certificate must be the same as that of the PFX certificate. Record the password of the PFX certificate. The command output is as follows: Verifying - Enter Export Password: Enter the password of the PFX certificate and press Enter.The command output is as follows: Enter Export Password: Openssl pkcs12 -export -out server.pfx -inkey server.key -in Certificate ID_ Domain name bound to the certificate_ server.pem In the bin directory of the OpenSSL installation directory, run the following command to convert the PEM certificate into a PFX certificate and press Enter:.Save the PEM certificate and the private key server.key generated during CSR generation to the bin directory in the OpenSSL installation directory.Use OpenSSL to convert the PEM certificate into a PFX certificate and obtain the server.pfx file.The Certificate ID_ Domain name bound to the certificate_server.pem file contains two segments of certificate codes -BEGIN CERTIFICATE- and -END CERTIFICATE-, which are the server certificate and intermediate CA certificate respectively. Decompress the downloaded certificate package to obtain the Certificate ID_ Domain name bound to the certificate_server.pem file.For more details, see What Are Mainstream Formats of Digital Certificates? You can change the password when converting the certificate format.
To ensure system security, you are advised to change the password. The password file keystorePass.txt contains the initial random password generated by the service.