How to Convert a .pfx Certificate to a Java Keystore.

Document ID : KB000048084
Last Modified Date : 14/02/2018

Description:

This technical document outlines the procedure to convert a .pfx certificate into a Java keystore when configuring SSL.

Solution:

*** Replace <pfx_password> and <pfx_file> with the actual values ***

  1. Copy the pfx file to %USM_HOME%

  2. Execute %USM_HOME%\usm.cmd

  3. Type the following command on the command prompt:

    keytool -importkeystore -deststorepass <pfx_password> -destkeystore "%USM_HOME%\.keystore" -srckeystore <pfx_file> -srcstoretype PKCS12 -srcstorepass <pfx_password>

  4. Update the keystore password in %USM_HOME%\viewService.conf:

    wrapper.java.additional.12=-Djavax.net.ssl.trustPass=<pfx_password>

  5. Update the Connector element in %USM_HOME%\view\conf\server.xml:

    <Connector port="443" maxHttpHeaderSize="8192" maxThreads="150" minSpareThreads="25" maxSpareThreads="75"
    enableLookups="false" disableUploadTimeout="true" acceptCount="100" scheme="https" secure="true"
    keystorePass="<pfx_password>" clientAuth="false" sslProtocol="TLS" keystoreFile="C:\Program Files (x86)\CA\Service Catalog\.keystore"/>

  6. Restart CA Service View

Note that the keystore password will need to be the same as the .pfx password. This is a known bug in Tomcat 5.5.
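
A verification pass that can be run after step 3 and before the restart in step 6. This is an added example, not part of the original KB article; it assumes it is saved as a .cmd file and run from the prompt opened by %USM_HOME%\usm.cmd, with keytool on the PATH.

```bat
@echo off
rem Added verification example, not part of the original KB article.
rem Assumption: run from the prompt opened by %USM_HOME%\usm.cmd (keytool on PATH).
setlocal
set "KS=%USM_HOME%\.keystore"

rem 1. List the converted keystore. -storepass is left out on purpose so that
rem    keytool prompts for it and the password stays out of the command line.
rem    In the output, confirm:
rem      Entry type: PrivateKeyEntry   (Tomcat needs the key, not only a certificate)
rem      Certificate chain length      (server certificate plus any intermediates)
rem      Valid from ... until ...      (the certificate has not expired)
keytool -list -v -keystore "%KS%"
if errorlevel 1 (
    echo keytool could not read "%KS%"; check the path and the password.
    exit /b 1
)

rem 2. The keystore password is stored in clear text in viewService.conf and
rem    server.xml (steps 4 and 5). Print the ACL of each file and review that
rem    only administrators and the service account can read them.
for %%F in ("%KS%" "%USM_HOME%\viewService.conf" "%USM_HOME%\view\conf\server.xml") do (
    echo.
    icacls %%F
)
endlocal
```

If the listing shows only a trustedCertEntry, the .pfx file did not contain a private key and must be exported again with the key included.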