Recently we encountered a need to export our wildcard certificate from a Windows IIS server and use it in a Tomcat Server. The internet turned up very few results, many of which were incomplete.

Here’s how I did it.

Note: This assumes IIS 6.1 (Server 2003), but it will work similarly with IIS 5 and 7+.

1) Export the Certificate

Open IIS Management Console

Start –> Administrative Tools –> Internet Information Services (IIS) Manager

Navigate to the site which contains the SSL certificate you want to export

Right-click on the site and choose Properties

Go to the Directory Security Tab and press the Server Certificate… button

Click Next on the welcome screen

Select the option “Export the current certificate to a .pfx file”

Select a name and location and click next

Type in the password for the file and remember it!

Click OK

Close out of the wizard.


2) Import into Tomcat

Copy the certificate to a directory of your choice on the server running Tomcat

Open up your server.xml file in your text editor, normally located at %TOMCAT_HOME%/conf/server.xml

Uncomment the SSL connector portion if you have not already done so

Add the following lines near the bottom of the SSL Connector portion

keystoreFile="/usr/local/wherever/domaincert.pfx" keystorePass="PasswordICreatedAbove"

Save server.xml

Restart the Tomcat service


3) Verify Functionality

Point your web browser to https://hostname.domain.com:8443 and verify it works.
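If step 3 fails, the server.xml edit from step 2 is the first thing to check. The script below is an added example, not part of the original write-up: the function names and the sample connector are constructed for illustration. It also checks keystoreType, a Tomcat Connector attribute not shown above that defaults to JKS when unset.

```python
import os
import stat
import xml.etree.ElementTree as ET

def audit_server_xml(xml_text):
    """Return findings (strings) for the keystore settings in a Tomcat server.xml."""
    try:
        root = ET.fromstring(xml_text)
    except ET.ParseError as exc:
        # Curly quotes pasted from a web page are a common cause.
        return ["server.xml is not well-formed XML: %s" % exc]
    findings = []
    connectors = [c for c in root.iter("Connector") if c.get("keystoreFile")]
    if not connectors:
        findings.append("no Connector with keystoreFile (SSL connector still commented out?)")
    for conn in connectors:
        port = conn.get("port", "?")
        path = conn.get("keystoreFile")
        kstype = conn.get("keystoreType", "JKS")  # Tomcat's default when unset
        if path.lower().endswith((".pfx", ".p12")) and kstype.upper() != "PKCS12":
            findings.append(
                'port %s: %s is PKCS#12 but keystoreType is %s; set keystoreType="PKCS12"'
                % (port, path, kstype))
        if not conn.get("keystorePass"):
            findings.append("port %s: keystorePass unset; Tomcat will try its default, changeit" % port)
    return findings

def readable_by_others(path):
    """True if group or world can read the file (POSIX mode bits; not meaningful on Windows)."""
    return bool(os.stat(path).st_mode & (stat.S_IRGRP | stat.S_IROTH))

# Constructed sample: the connector as edited in step 2, without keystoreType.
SAMPLE = """<Server><Service name="Catalina">
  <Connector port="8443" SSLEnabled="true" scheme="https" secure="true"
             keystoreFile="/usr/local/wherever/domaincert.pfx"
             keystorePass="PasswordICreatedAbove"/>
</Service></Server>"""

if __name__ == "__main__":
    for finding in audit_server_xml(SAMPLE):
        print(finding)
```

On Linux, run readable_by_others against both server.xml and the copied .pfx: the first holds the export password in clear text and the second holds the private key.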



This should work for Tomcat on either a Linux or a Windows box.

There you have it. Pretty straightforward and simple.


