Recently we needed to export our wildcard certificate from a Windows IIS server and use it on a Tomcat server. The internet turned up very few results, many of which were incomplete.
Here’s how I did it.
Note: This assumes IIS6.1 (Server 2003), but it works similarly with IIS5 and 7+.
1) Export the Certificate
Open IIS Management Console
Start –> Administrative Tools –> Internet Information Services (IIS) Manager
Navigate to the site which contains the SSL certificate you want to export
Right-click on the site and choose Properties
Go to the Directory Security Tab and press the Server Certificate… button
Click Next on the welcome screen
Select the option “Export the current certificate to a .pfx file”
Select a name and location and click Next
Type in the password for the file and remember it!
Click OK
Close out of the wizard.
2) Import into Tomcat
Copy the certificate to a directory of your choice on the server running Tomcat
Open up your server.xml file in your text editor, normally located at %TOMCAT_HOME%/conf/server.xml
Uncomment the SSL connector portion if you have not already done so
Add the following lines near the bottom of the SSL Connector portion
keystoreFile="/usr/local/wherever/domaincert.pfx" keystorePass="PasswordICreatedAbove"
keystoreType="PKCS12"
Save server.xml
Restart the tomcat service
3) Verify Functionality
Point your web browser to https://hostname.domain.com:8443 and verify it works.
This should work for Tomcat on either a Linux or a Windows box.
There you have it. Pretty straightforward and simple.
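A check worth running on the Connector settings from step 2 before restarting Tomcat, as an added example that is not part of the original post: it catches pasted curly quotes, a missing keystoreType, and loose permissions on the two files that now hold the private key and its password. The function names, demo paths and password are constructed; the permission checks apply to Linux hosts and assume an absolute keystoreFile path.

```python
import os
import stat
import tempfile
import xml.etree.ElementTree as ET

def audit_connector(server_xml):
    """Return findings for keystore-backed Connectors in a Tomcat server.xml."""
    try:
        root = ET.parse(server_xml).getroot()
    except ET.ParseError as exc:
        # Typical cause: curly quotes pasted from a web page around attribute values.
        return [f"server.xml is not well-formed XML: {exc}"]
    findings = []
    # keystorePass is stored in clear text, so others should not be able to read the file.
    if os.stat(server_xml).st_mode & stat.S_IROTH:
        findings.append("server.xml is world-readable and contains keystorePass")
    for conn in root.iter("Connector"):
        ks = conn.get("keystoreFile")
        if ks is None:
            continue
        # Tomcat treats the keystore as JKS unless keystoreType says otherwise.
        ktype = conn.get("keystoreType", "JKS").upper()
        if ks.lower().endswith((".pfx", ".p12")) and ktype != "PKCS12":
            findings.append(f"{ks}: keystoreType must be PKCS12 for a .pfx file")
        if not conn.get("keystorePass"):
            findings.append(f"{ks}: keystorePass is not set")
        # Assumes an absolute keystoreFile path, as in the article.
        if not os.path.isfile(ks):
            findings.append(f"{ks}: keystore file not found")
        elif os.stat(ks).st_mode & (stat.S_IRGRP | stat.S_IROTH):
            findings.append(f"{ks}: private key file is readable by group or others")
    return findings

def demo():
    """Constructed sample: Connector pasted without keystoreType, default file modes."""
    d = tempfile.mkdtemp()
    pfx = os.path.join(d, "domaincert.pfx")
    open(pfx, "wb").close()  # empty placeholder, not a real PKCS#12 file
    os.chmod(pfx, 0o644)
    xml_path = os.path.join(d, "server.xml")
    with open(xml_path, "w", encoding="utf-8") as f:
        f.write('<Server><Service><Connector port="8443" scheme="https" '
                f'keystoreFile="{pfx}" keystorePass="example-only"/></Service></Server>')
    os.chmod(xml_path, 0o644)
    return audit_connector(xml_path)

if __name__ == "__main__":
    for line in demo():
        print(line)
```

An empty list from `audit_connector` means none of these problems were found; it does not confirm that the password actually opens the .pfx file.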
ENJOY!