View Full Version : [ubuntu] create CA and sign a certificate to use it with Tomcat

May 4th, 2008, 06:47 PM
Hi, I need help with this, please, I'm doing my final project degree.

I want to create a CA to sign my certificate. This is what I do:

1. I've created my certificate with keytool.

2. With this certificate I've created my CSR

3. I've created a new CA with Openssl:

./CA.pl -newca

a name
secret passphrase for the private key
more information

4. I've rename the CSR with the name "newreq.pem" and then I've signed it.

./CA.pl -sign

5. Now, I have the new certificate signed, "newcert.pem"

6. What do I have to do for use them with Tomcat??
I think I have to install the CA certificate and the signed certificate, but how??


May 8th, 2008, 10:15 PM
If you are using tomcat 6.x

Generate the cert / csr creation:


Install the generated cert into the Tomcat Keystore:


Hope that helps.

August 15th, 2008, 05:17 AM
I had originally bumped into some problems getting SSL installed in Tomcat. I think basically what you'll need to do is convert the .pem file into a .p12 file. I've written up the steps I took to get it running. It was originally done for Windows (ugh), but we've since moved it over to Ubuntu with no problems, I hope you might find it helpful: