Import the certificate and private key

1. Enter the following command from the terminal:

openssl pkcs12 -export -in <path/to/cert>.crt -inkey 
<path/to/key>.key -out <keystore-name> -name <alias>


  • <path/to/cert>  is the full path to the location of your certificate.

  • <path/to/key>  is the full path to the location of your private key

  • <alias>  is the name you wish to use to identify this keystore entry

  • <keystore-name>  is the name you wish to use for your new keystore

2. When prompted, enter the passphrase for your key (if you have one)

3. When prompted, provide a password to use for the keystore

Import the root certificates

Note: this step may or may not be necessary for your certificate

1. Change into the jre/bin directory of your Java installation

2. Enter the following command:

     keytool -import -alias root -keystore <your_keystore_filename>
    -trustcacerts -file <filename_of_the_chain_certificate>


  • <your_keystore_filename>  is the full path to the location of your keystore

  • <filename_of_the_chain_certificate>  is the full path to your chain certificate

3. When prompted, enter the password for your keystore in order to import the chain certificate

Configure Tomcat's server.xml file 

1. Edit the file tomcat/conf/server.xml (found within the Cascade CMS directory)

2. Uncomment the SSL/TLS HTTP/1.1 Connector and add the following parameters:

     <Connector port="8443" protocol="org.apache.coyote.http11.Http11NioProtocol"
      maxThreads="150" SSLEnabled="true" scheme="https" secure="true"
      clientAuth="false" sslProtocol="TLS"
      keystoreFile="<path/to/keystore>" keystorePass="<keystore_pass_from_above>"
      keystoreAlias="<alias>" keystoreType="PKCS12" />


  • <alias>  is the name you chose to use to identify your keystore entry above

  • <path/to/keystore>  is the full path to the location of the keystore you created above

  • <keystore_pass_from_above>  is the keystore password you had set above

NOTE: To prevent issues, we recommend that you avoid using any of the following characters in your keystore password: & < > " '  

Did this answer your question?