Hi. I need update the SSL certificate in Tomcat 6.x.
First I did: 1) Generate keystore keytool -genkeypair -alias repository -keyalg RSA -keysize 2048 -sigalg SHA256withRSA -keystore /usr/local/tomcat6/keystore/keystore2015.jks 2) Generate CSR keytool -certreq -alias repository -keyalg RSA -keysize 2048 -sigalg SHA256withRSA -keystore /usr/local/tomcat6/keystore/keystore2015.jks -file /usr/local/tomcat6/keystore/request.csr after: 3) Install intermediate certificate keytool -import -alias intermed -keystore /usr/local/tomcat6/keystore/keystore2015.jks -trustcacerts -file intermed.crt 4) Install SSL certificate keytool -import -alias server -keystore /usr/local/tomcat6/keystore/keystore2015.jks -trustcacerts -file www.domain.com.crt I restarted Tomcat and he listen on 8443 normally, but verifying the fingerprint, it is using the "PrivateKeyEntry" for SSL, not the "trustedCertEntry". I tried to add keyAlias="server" in my server.xml, but I received this error: LifecycleException: service.getName(): "Catalina"; Protocol handler start failed: java.io.IOException: Alias name server does not identify a key entry The alias of SSL certificate needs to be same of CSR? What I did wrong? Can anybody help me? I appreciate any help! Adriano