Tuesday, December 13, 2011

how to manage SSL certificates for Tomcat using IIS tools

I worked in a shop where Windows & IIS servers dominated operations. A few third-party applications were hosted by Tomcat, which terminated SSL connections as well.

Engineers loathe the use of keytool, a Java utility for managing certificates and keys.

I first found that it is relatively easy to convert keystores from the SUNW format used by keytool to PKCS#12 (.pfx) format used by IIS, and back. 
This means one can easily follow normal procedures to obtain a new certificate and export it to .pfx format.

After tinkering with it a bit, I read the Tomcat documentation. It seems that Tomcat (at least for v6) can support the PKCS12 format directly.
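
As an added example (not from the original post), this is what a Tomcat 6 HTTPS connector in conf/server.xml looks like when it loads a .pfx exported from IIS directly. The file path and password are placeholders, and the keytool command in the comment is the conversion route for anyone who still wants a JKS keystore.

```xml
<!-- Added example: Tomcat 6 JSSE connector reading a PKCS#12 (.pfx) file.
     Assumptions: the .pfx was exported from IIS with its private key, and
     the path and password below are placeholders to replace.

     Without keystoreType, Tomcat assumes a JKS keystore and will not load
     the .pfx, so the attribute must be set explicitly.

     keystorePass is the export password chosen when the .pfx was created.
     It sits in server.xml in clear text, so restrict read access on both
     server.xml and the .pfx to the account that runs Tomcat.

     Conversion alternative (JDK 6 or later), if a JKS keystore is wanted:
       keytool -importkeystore
               -srckeystore example-site.pfx -srcstoretype PKCS12
               -destkeystore example-site.jks -deststoretype JKS
     Swapping the source and destination arguments converts JKS back to
     PKCS#12 for import into IIS. -->
<Connector port="8443" protocol="HTTP/1.1" SSLEnabled="true"
           maxThreads="150" scheme="https" secure="true"
           clientAuth="false" sslProtocol="TLS"
           keystoreType="PKCS12"
           keystoreFile="C:/certs/example-site.pfx"
           keystorePass="REPLACE_WITH_PFX_EXPORT_PASSWORD" />
```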