tomcat ssl keystore private-key csr

How to create keystore with myserver.key after receiving crt from Certificate Authority


I created a private key and CSR file with the following command:

openssl req -nodes -newkey rsa:2048 -sha1 -keyout myserver.key -out server.csr

The two files outputted are:

  • myserver.key
  • server.csr

I uploaded the server.csr file to Network Solutions and got back 4 "crt" files.

  • AddTrustExternalCARoot.crt
  • OV_NetworkSolutionsOVServerCA2.crt
  • OV_USERTrustRSACertificationAuthority.crt
  • STAR.{mydomain}.CA.CRT

How can I create a keystore out of the files I have and configure it in Tomcat 7 in the server.xml file?


Solution

  • Probably the easiest way:

    1. Download KeyStore Explorer
    2. Start KSE and select "Create a new KeyStore", choose "JKS"
    3. Select "Import Key Pair" in the "Tools" menu, choose "PKCS#8". Unselect "Encrypted Key", browse to "myserver.key" as the private key file and "STAR.{mydomain}.CA.CRT" as the certificate file.
    4. After the key pair entry is created, right click on it, select "Edit certificate chain" and append the two "OV" certificates.
    5. Save the keystore and make sure to use the same password for the keystore and the key pair.
    6. Add keystoreFile="..." keystorePass="..." to the <Connector> tag for the SSL port (default 8443) in your server.xml
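
A command-line equivalent of steps 1 to 5, as an added example that is not part of the original answer. It assumes PEM-encoded files and a keystore password exported in a KS_PASS environment variable; the function names, the "tomcat" alias and the output prefix are illustrative.

```shell
#!/bin/sh
# Added example (not from the original answer). Assumes PEM-encoded inputs and
# the keystore password exported as KS_PASS; function names and the "tomcat"
# alias are illustrative.

# Succeed only if CERT carries the public key that belongs to KEY.
key_matches_cert() {  # usage: key_matches_cert KEY CERT
    k=$(openssl pkey -in "$1" -pubout 2>/dev/null) || return 2
    c=$(openssl x509 -in "$2" -noout -pubkey 2>/dev/null) || return 2
    [ -n "$k" ] && [ "$k" = "$c" ]
}

# Build OUT.p12 and OUT.jks holding the key, its certificate and the
# intermediates. Runs in a subshell so the umask change stays local.
build_keystore() (  # usage: build_keystore KEY CERT OUT INTERMEDIATE...
    [ $# -ge 4 ] || { echo "need KEY CERT OUT INTERMEDIATE..." >&2; exit 2; }
    key=$1 cert=$2 out=$3; shift 3
    key_matches_cert "$key" "$cert" ||
        { echo "private key does not match certificate" >&2; exit 1; }
    [ -n "${KS_PASS:-}" ] || { echo "export KS_PASS first" >&2; exit 2; }
    umask 077   # keystore files readable by the owner only
    cat "$@" > "$out.chain.pem" || exit 1
    # PKCS#12 bundle: private key + server certificate + intermediates.
    # The password is read from the environment, not from the command line.
    openssl pkcs12 -export -inkey "$key" -in "$cert" \
        -certfile "$out.chain.pem" -name tomcat \
        -passout env:KS_PASS -out "$out.p12" || exit 1
    # Convert to JKS; one password for source and destination keeps the
    # keystore and key-entry passwords identical (step 5).
    keytool -importkeystore -noprompt \
        -srckeystore "$out.p12" -srcstoretype PKCS12 -srcstorepass:env KS_PASS \
        -destkeystore "$out.jks" -deststoretype JKS -deststorepass:env KS_PASS
)

# Usage with the files from the question:
#   export KS_PASS; build_keystore myserver.key 'STAR.{mydomain}.CA.CRT' tomcat \
#       OV_NetworkSolutionsOVServerCA2.crt OV_USERTrustRSACertificationAuthority.crt
```

The resulting tomcat.jks is the file that keystoreFile in step 6 points to.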