I want to run Tomcat with https, but there are some certificate issues.
What I did: Creating a keystore with a self signed key paor und set connector port in Tomcat to this keystore => works fine.
But I want to use a trusted certificate. I've got this as a pfx file including private key and password. I converted this pfx to a jks keystore with this command:
keytool -importkeystore -srckeystore mypfxfile.pfx -srcstoretype pkcs12 -destkeystore clientcert.jks -deststoretype JKS
Command line says something like "import 1 file successfully. 0 errors". Then I added the necessary trusted files, connected to my pfx certificate, to the cacerts keystore.
But I don't get a https connection.
What I also tried: Add the trusted certificates to the same keystore that contains the converted pfx file. Of course I set the truststore parameters in the Tomcat connector to my keystore, but this did not help.
Has anybody an idea? Is there a way to get more information why I don't get a connection?
I got the solution. The keystore password and the private key password have to be the same! If not, Tomcat can't get the private key because he only knows the keystore password.