- Convert the .p7b file to a .cer file with the following command:
openssl pkcs7 -print_certs -in certificate.p7b -out certificate.cer - Combine the new .cer file with the private key via this command:
openssl pkcs12 -export -out YourCertificate.p12 -inkey privateKey.key -in certificate.cer - Enter an export password. This password is your keystore password, and will need to be recorded for future use.
- If you received individual certificates: Put them in place of each intermediate certificate in the following command:
openssl pkcs12 -export -out SSLCertificate.p12 -inkey privateKey.key -in serverCertificate.crt -certfile Intermediate.crt - Move your YourCertificate.p12 into a tomcat home
- set its chown permissions to tomcat user.
- set chmod +x on the .p12 file.
- Edit server.xml (to uncomment the below section)
<Connector port="443" protocol="org.apache.coyote.http11.Http11NioProtocol"
maxThreads="150" SSLEnabled="true">
<SSLHostConfig sslProtocol="TLS">
<Certificate certificateKeystoreFile="/usr/local/tomcat9/your certificate.p12"
certificateKeystorePassword="your password"
type="RSA" />
</SSLHostConfig>
</Connector>9. Uncomment below that has 8080 and 8443 and replace 8080 with 80 and 8443 with 443, to allow the forwarding of http to https (may require additional steps permissions to access ports 443 and 80 in linux – see other pages on this website):
<Connector port="80" protocol="HTTP/1.1"
connectionTimeout="20000"
redirectPort="443" />10. Restart Tomcat