1. Java Development Kit (JDK) -OR- Java Runtime Environment (JRE) version 6 update 27 or later.

2. JDK or JRE “bin” folder added to PATH Environment Variable.

3. 32-bit / 64-bit OpenSSL for Windows (v0.9.8y / v1.0.1c / v1.0.1e).

4. OpenSSL “bin” folder added to PATH Environment Variable.

Step 1: Create a .crt file containing Intermediate and TrustedRoot (CACerts Bundle) Certificates

1) Create a folder and collect all your certificates in one place. 

Intermediate (CA_Intermediate.crt), Root (TrustedRoot.crt), and Primary Certificates (your_domain_name.crt).

2) Open a text editor (such as Notepad++ OR Wordpad) and paste the entire body of each certificate into one text file in the following order :

a) The Intermediate Certificate – CA_Intermediate.crt 

b) The Root Certificate - TrustedRoot.crt

Make sure to include the beginning and end tags on each certificate. The result should look like this:


(Your Intermediate certificate: CA_Intermediate.crt)



(Your Root certificate: TrustedRoot.crt)


Save the combined file as CACerts.crt. This .crt file is now ready to use in next step.

Step-2: Convert SSL Certificate and Private Key to PKCS12 format using OpenSSL

openssl pkcs12 -export -in Cert.crt -inkey PrivKey.key -certfile CACerts.crt -name tomcat -out keystore.p12 -passout pass:Seclore@123

Note1: Cert.crt is your domain certificate.

Note2: Make sure you put a password on the .p12 file - otherwise you'll get a null reference exception when you try to import it in next step.

Step-3: Convert the PKCS12 (.p12 file) to a JAVA KeyStore (using KeyTool)

keytool -importkeystore -deststorepass Seclore@123 -destkeypass Seclore@123 -destkeystore ps.keystore -srckeystore keystore.p12 -srcstoretype PKCS12 -srcstorepass Seclore@123 -alias tomcat

This will create a Java KeyStore file named ps.keystore and it can be used in Tomcat with the following details: 

Alias: tomcat 

Password: Seclore@123

Steps to verify the KeyStore file :

-> Start your Demo VM and login with administrator credentials.

-> Goto the policy server folder configured in the Demo VM.

-> rename the ps.keystore file and paste the new file generated here.

-> Add a loop back address and map it to the host name in the host file of the demo vm.

-> Restart the tomcat service.

-> Try by accessing the clients PS URL in the VM the Demo VM PS page should load without any issue. 


Please find the attached file for further reference.

Need more help? 

Contact Seclore Support | Chat Live