How to import a Microsoft Certificate Authority certificate into Tomcat.

Document ID : KB000053212
Last Modified Date : 14/02/2018

This document describes the steps needed to import a certificate into Service Desk and/or CMDB Tomcat.


  • Run the JRE 1.6 keytool to create the .keystore file:
    D:\Program Files\CA\SC\JRE\1.6.0_00\bin>keytool -genkeypair -alias SDR12 -keyalg RSA -keystore SDR12.keystore -dname "CN=Service Desk..."

  • Create the certificate request:
    D:\Program Files\CA\SC\JRE\1.6.0_00\bin>keytool -certreq -keystore SDR12.keystore -alias SDR12 -file certrequest.txt

  • Submit the file "certrequest.txt" to your Microsoft Certificate Authority. The certificate it issues should be BASE64 encoded.

  • Import the certificate (in the example below, the filename is "sd_12_new2.p7b"):
    D:\Program Files\CA\SC\JRE\1.6.0_00\bin>keytool -importcert -trustcacerts -alias SDR12 -keystore SDR12.keystore -file sd_12_new2.p7b

  • Edit the server.xml file located in the following directory: NX_ROOT\bopcfg\www\CATALINA_BASE\conf.
    Uncomment the SSL section and add the location of the keystore file ("SDR12.keystore" in this document).
      <Connector port="8443" maxHttpHeaderSize="8192"
                 maxThreads="150" minSpareThreads="25" maxSpareThreads="75"
                 enableLookups="false" disableUploadTimeout="true"
                 acceptCount="100" scheme="https" secure="true"
                 clientAuth="false" sslProtocol="TLS"
                 keystoreFile="C:\\SDR12.keystore" keystorePass="changeit" />
  • Recycle Tomcat:
    pdm_tomcat_nxd -c STOP
    pdm_tomcat_nxd -c START
  • Verify you can access Service Desk through the secure port:
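
A complementary check on the keystore itself, as an added example that is not part of the original document: the Python function below inspects the text printed by `keytool -list -v -keystore SDR12.keystore -alias SDR12` and reports whether the import step left the alias holding the CA-issued chain or still the self-signed certificate from `-genkeypair`. The function name and the sample listings (including their DNs) are constructed for illustration.

```python
import re

# Constructed sample of `keytool -list -v` output after a successful import.
# The DNs are placeholders, not values from this document.
SAMPLE_OK = """\
Alias name: sdr12
Entry type: PrivateKeyEntry
Certificate chain length: 2
Certificate[1]:
Owner: CN=servicedesk.example.test
Issuer: CN=Example Issuing CA
Certificate[2]:
Owner: CN=Example Issuing CA
Issuer: CN=Example Issuing CA
"""

# Constructed sample: the CA reply was never imported, so the entry still
# holds the self-signed certificate that -genkeypair created.
SAMPLE_SELF_SIGNED = """\
Alias name: sdr12
Entry type: PrivateKeyEntry
Certificate chain length: 1
Certificate[1]:
Owner: CN=servicedesk.example.test
Issuer: CN=servicedesk.example.test
"""

def check_keystore_entry(listing, alias):
    """Return a list of problems found in `keytool -list -v` output for alias."""
    problems = []
    def field(name):
        m = re.search(r"^%s:\s*(.+?)\s*$" % re.escape(name), listing, re.M)
        return m.group(1) if m else None
    found = field("Alias name")
    # JKS aliases are case-insensitive; keytool prints them in lower case.
    if found is None or found.lower() != alias.lower():
        return ["alias %r not found in listing" % alias]
    if field("Entry type") != "PrivateKeyEntry":
        problems.append("entry is not a PrivateKeyEntry; Tomcat needs the private key under this alias")
    owner, issuer = field("Owner"), field("Issuer")  # first match is the leaf certificate
    if owner is not None and owner == issuer:
        problems.append("leaf certificate is self-signed; CA reply was not imported")
    chain = field("Certificate chain length")
    if chain is None or int(chain) < 2:
        problems.append("chain length below 2; issuing CA certificate is missing from the chain")
    return problems

if __name__ == "__main__":
    print(check_keystore_entry(SAMPLE_SELF_SIGNED, "SDR12"))
```

An empty list means the alias holds the private key together with a certificate chain issued by the CA, which is what the Connector's keystoreFile needs before Tomcat is recycled.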