Avatar of adamant40


How do I export my GoDaddy SSL cert from tomcat on one server to a new server running tomcat

I have no idea what I'm doing so full, idiot proof examples would be much appreciated.

We have a Windows 2008R2 server running Tomcat which has our GoDaddy supplied SSL cert installed and working.

I have to set up a new server and was told by GoDaddy that I need to export the cert, but they won't give any help with that. I tried googling but just couldn't follow the exact steps needed. To make things worse, this server is really serving out Tomcat through JBoss but I'm told that the original server was set up following directions for the tomcat side only so hoping I don't have to worry about the jboss stuff.

1. What exact commands do I run to export the SSL cert from the running box (the tomcat.keystore file)?
2. What exact commands and files do I copy over to the new server and import the export from step 1?
3. I don't have any information on what was in the CSR request (passwords, etc.). I do have access to all the certs from the machine that is currently running SSL.

Peter Hutchison
Avatar of adamant40


Hi DaveHowe. Tried copying the tomcat.keystore file, jxntm.keystore and all .crt files over to same location from working server. Recompiled the jboss, no change. It still shows the self issued SSL cert is installed. Seems like I'm pointing to a different keystore or something. Unfortunately as this is really being run under jboss there is no server.xml file I can find to edit.
Running keytool -list on the working server. Getting error "Keystore file does not exist: C:\Users\username.domain\.keystore". No idea. Do I need to be logged in under the profile that this cert was requested under?

Load up the Certificates.msc console for the local machine, does it show the certificate there under Personal->Certificates?
Otherwise, the keystore file must be where the tomcat files are located.
Loaded up the Certificates.msc console on the local machine and verified that there is NOTHING under Personal/Certificates. Found one user who had a .keystore file in the default path of C:\Users\guyname.domain\.keystore

Logging in as this user allowed me to run keytool -list where I see
Keystore type: JKS
Keystore provider: Sun
Your Keystore contains 1 entry
tomcat, Apr 5, 2012, PrivateKeyEntry,
Certificate Fingerprint (MD5): 58:********

Is that the certificate I'm looking for? I'm seeing tomcat.keystore in the folder where the SSL certs are. Is there a way to run keystore -list ON that file? I've tried launching the cmd window from that directory.

I'm trying to follow your directions on this cert to export it, but how do I import it into the tomcat.keystore and not the default one made in my user directory?
Looks like the way to examine the tomcat.keystore file was to use keytool -list -file tomcat.keystore. This is the kind of basic info I need. Can I get step by step instructions on how to export this?

Found correct command to be keytool -list -keystore tomcat.keystore.
I see 4 entries.
tomcat, date, PrivateKeyEntry,
cross, date, trustedCertEntry,
intermed, date, trustedCertEntry.

I was also able to look at the jxntm.keystore file and determine that it didn't contain anything but local certs.

Is it the root certificate I need to export and how exactly do I do that?
Dave, turns out it WAS as simple as copying over the correct keystore and certificates. The hard part was determining where JBOSS kept the server.xml file.

And thanks to instructions given by cmsxpjh I was able to locate which keyfiles contained the right certs.
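
As an added example (not code from the thread or from any poster): a PowerShell script that runs the `keytool -list -keystore` check discussed above over every `*.keystore` file in a folder and reports which entries are `PrivateKeyEntry` and whether the entry's own certificate is self-issued. The folder, the password prompt, the single shared store password and the report columns are assumptions, and it expects English keytool output.

```powershell
# Added example: folder, password prompt and report columns are assumptions.
param(
    [string]$Dir     = '.',        # folder holding the keystore files
    [string]$Keytool = 'keytool'   # or the full path to the JRE's keytool.exe
)

# Prompt without echo. -storepass is still visible in the process command
# line while keytool runs, so use an admin session nobody else shares.
$sec  = Read-Host 'Keystore password' -AsSecureString
$bstr = [Runtime.InteropServices.Marshal]::SecureStringToBSTR($sec)
$pass = [Runtime.InteropServices.Marshal]::PtrToStringAuto($bstr)
[Runtime.InteropServices.Marshal]::ZeroFreeBSTR($bstr)

# -Force also picks up the dot-named default store (.keystore).
$stores = Get-ChildItem -Path $Dir -Force |
    Where-Object { -not $_.PSIsContainer -and $_.Name -like '*.keystore' }

foreach ($ks in $stores) {
    $listing = & $Keytool -list -keystore $ks.FullName -storepass $pass 2>&1 |
        ForEach-Object { "$_" }
    if ($LASTEXITCODE -ne 0) {
        Write-Warning "$($ks.Name): could not be opened with this password"
        continue
    }
    foreach ($line in $listing) {
        # Entry lines look like: tomcat, Apr 5, 2012, PrivateKeyEntry,
        if ($line -notmatch '^([^,]+),.*PrivateKeyEntry') { continue }
        $alias  = $Matches[1]
        $detail = & $Keytool -list -v -keystore $ks.FullName -storepass $pass -alias $alias 2>&1 |
            ForEach-Object { "$_" }
        # First Owner/Issuer pair belongs to the server certificate itself.
        $owner  = ($detail | Where-Object { $_ -match '^Owner: ' }  | Select-Object -First 1) -replace '^Owner: ', ''
        $issuer = ($detail | Where-Object { $_ -match '^Issuer: ' } | Select-Object -First 1) -replace '^Issuer: ', ''
        $chain  = ($detail | Where-Object { $_ -match '^Certificate chain length: ' } | Select-Object -First 1) -replace '\D', ''
        New-Object PSObject -Property @{
            Keystore   = $ks.Name
            Alias      = $alias
            ChainLen   = $chain
            Issuer     = $issuer
            SelfIssued = ($owner -eq $issuer)
        }
    }
}
```

A CA-issued entry reports `SelfIssued` as False; which keystore the server actually loads is decided by its connector configuration, which this script does not read.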