Hi. We are a school running Tomcat 6.0.29 for Windows server 2003 with APR. I currently have an SSL certificate installed. I'm trying to update it with the renewed SSL certificate but I'm having no luck.
Here are the commands I used to create the CSR. in the jdk1.6.0_17\bin folder i used this command: keytool -certreq -keyalg RSA -alias alias2011 -file cert.csr -keystore key2011.key -keysize 2048 It then asks for a password which i enter. I generated the CSR and sent it to my SSL vendor. They e-mailed my ssl certificate back to me. But they told me that I had to install 2 intermediate Certificate files. I dowloaded a primary.crt and secondary.crt files from them. I then ran this command to import the primary.crt keytool -import -trustcacerts -alias primary -keystore key2011.key -file primary.crt Then the secondary.crt keytool -import -trustcacerts -alias secondary -keystore key2011.key -file secondary.crt finally the SSL certificate they e-mailed back. keytool -import -trustcacerts -alias alias2011 -keystore key2011.key -file 2011.crt After this I copy the key2011.key and 2011.crt to the root of tomcat. I edited server.xml to this: <Connector port="8443" maxHttpHeaderSize="8192" maxThreads="150" minSpareThreads="25" maxSpareThreads="75" enableLookups="false" disableUploadTimeout="true" acceptCount="100" scheme="https" secure="true" SSLEnabled="true" SSLCertificateFile="${catalina.home}/2011.crt" SSLCertificateKeyFile="${catalina.home}/key2011.key" keystorePass="somethingkey" keyalias="alias2011" SSLPassword="somethingkey"/> I didn't know the difference between SSLPassword and keystorePass so I put both in there. I never put a password for my previous ssl certificate and it worked so I'm confused why I have to put one in now. BTW here is the current server.xml that works with the about to expire SSL certificate. <Connector port="8443" maxHttpHeaderSize="8192" maxThreads="150" minSpareThreads="25" maxSpareThreads="75" enableLookups="false" disableUploadTimeout="true" acceptCount="100" scheme="https" secure="true" SSLEnabled="true" SSLCertificateFile="${catalina.home}/hostname.crt" SSLCertificateKeyFile="${catalina.home}/hostname.key" /> Please help. Thanks in advance.