# [Tomcat 9.0.37] Https / SSL on Windows server 2016 with windows certificate store


## [Tomcat 9.0.37] Https / SSL on Windows server 2016 with windows certificate store

Hello,

I try to configure my tomcat 9.0.37 installed on a windows server 2016 to use a certificate located in *cert:LocalMachine\My*

I mention that I am an administrator of this machine.
This certificate is also used by IIS.

What I did was to configure my server.xml file like this :

The error I got in tomcat logs was that the keyAlias doesn't exist but I used the CN mentioned in the description of my certificate.

Is it possible for tomcat to use the windows certificate store ?
The only link I found about this was : https://bz.apache.org/bugzilla/show_bug.cgi?id=56021

Thanks for your help

Valentin.M

## Re: [Tomcat 9.0.37] Https / SSL on Windows server 2016 with windows certificate store

On Sat, Jul 11, 2020 at 17:52, Valentin <[hidden email]> wrote:

> Hello,
>
> I try to configure my tomcat 9.0.37 installed on a windows server 2016 to
> use a certificate located in *cert:LocalMachine\My*
>
> I mention that I am an administrator of this machine.
> This certificate is also used by IIS.
>
> What I did was to configure my server.xml file like this :
>
> protocol="org.apache.coyote.http11.Http11NioProtocol"
>                SSLEnabled="true"
>                maxThreads="150" scheme="https" secure="true"
>                keyAlias="myserver.domain.com"
>                keystoreFile=""
>                keystorePass=""
>                keystoreType="Windows-My"
>                clientAuth="false" sslProtocol="TLS" />
>
> The error I got in tomcat logs was that the keyAlias doesn't exist but I
> used the CN mentioned in the description of my certificate.
>
> Is it possible for tomcat to use the windows certificate store ?
> The only link I found about this was :
> https://bz.apache.org/bugzilla/show_bug.cgi?id=56021
>
> Thanks for your help
>
> Valentin.M

In documentation:
http://tomcat.apache.org/tomcat-9.0-doc/ssl-howto.html#Prepare_the_Certificate_Keystore

"Tomcat currently operates only on JKS, PKCS11 or PKCS12 format keystores."

Windows local certificates are stored in the Windows registry.
https://docs.microsoft.com/en-us/windows-hardware/drivers/install/local-machine-and-current-user-certificate-stores

Since IIS is a Windows-only product, this is the simple thing for them to do. Tomcat runs on various platforms and should support open and neutral keystore formats instead.

-----------------
Daniel Savard
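
The "keyAlias doesn't exist" error from the question can be checked from the JVM's side by listing the aliases a keystore of a given type actually exposes, and which of them carry a private key. This Java program is an added example, not part of the thread or of Tomcat; the class name and its arguments are assumptions, and the `Windows-MY` type is only available on a Windows JDK.

```java
import java.io.Console;
import java.io.FileInputStream;
import java.io.InputStream;
import java.security.KeyStore;
import java.security.cert.Certificate;
import java.security.cert.X509Certificate;
import java.util.Collections;

// Added diagnostic (hypothetical class name): prints every alias in a keystore
// so the keyAlias value in server.xml can be compared with what the JVM sees.
// Usage: java ListKeystoreAliases <type> [file]
//   e.g. java ListKeystoreAliases PKCS12 C:\path\to\keystore.p12
//        java ListKeystoreAliases Windows-MY
public class ListKeystoreAliases {
    public static void main(String[] args) throws Exception {
        if (args.length < 1) {
            System.err.println("usage: ListKeystoreAliases <type> [file]");
            System.exit(2);
        }
        String file = args.length > 1 ? args[1] : null;
        KeyStore ks = KeyStore.getInstance(args[0]);
        if (file == null) {
            ks.load(null, null);            // store types with no backing file
        } else {
            Console con = System.console(); // prompt: keeps the password out of argv
            if (con == null) {
                System.err.println("run from an interactive console to enter the password");
                System.exit(2);
            }
            char[] pass = con.readPassword("Keystore password: ");
            try (InputStream in = new FileInputStream(file)) {
                ks.load(in, pass);
            }
        }
        int usable = 0;
        for (String alias : Collections.list(ks.aliases())) {
            boolean hasKey = ks.isKeyEntry(alias);  // a TLS server entry needs a private key
            Certificate c = ks.getCertificate(alias);
            String subject = (c instanceof X509Certificate)
                    ? ((X509Certificate) c).getSubjectX500Principal().getName()
                    : "(no X.509 certificate)";
            System.out.printf("alias=%s privateKey=%b subject=%s%n", alias, hasKey, subject);
            if (hasKey) usable++;
        }
        System.out.println(usable + " entries usable as keyAlias");
        if (usable == 0) System.exit(1);    // nothing a connector could serve
    }
}
```

Run it as the same account the Tomcat service uses, since that is the view of the keystore the connector will get.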