# Please help with installing certs on Apache/Tomcat



## daniel.warner (Oct 9, 2018)

Hello all!

I'm a programmer of many years but have been forced to complete wildcard certificates on several Tomcat servers. The end goal being that a PowerShell script will auto-install these certificates on servers without any user intervention. I have the PowerShell kung-fu necessary to get the job done but I'm having real issues getting the certificates to install when doing my testing manually.
I think the problem lies in the certs that I was given to install, but I'm no expert. I keep getting errors.

The certs I was handed to convert/install/use are:
1) ourDomain.cer
2) ourDomain.p7b
3) ourDomain.pfx
4) ourDomain.csr
5) ourDomainIntermediate.cer
6) ourDomainRoot.cer

Again, all these are wildcard certs... e.g. *.mydomain.org

What's the proper way of importing all these certs into Apache/Tomcat? I need instructions using keytool and/or openssl programs. No clicking/dragging/user-intervention please.


----------



## scriptbox (Dec 7, 2018)

First you will need to create a keystore & then use the command:


```
$JAVA_HOME/bin/keytool -certreq -keylag RSA -alias -file.csr -keystroke [path/to/your/keystore]
```
to generate the CSR. The CSR is what your Certificate Authority (CA) will use to create the SSL certificate. A file yourcertificatename.csr will be created.

To import the Root Certificate use the following commands:


```
keytool -import -alias root -keystore [path/to/your/keystore] -trustcacerts -file [path/to/the/root_certificate
```


```
$keytool-import -alias [youralias] -keystore [path/to/your/keystore] -file [path/to/your_keystore]
```
Take a look at this tutorial which goes through the steps of how to configure SSL/TLS for Apache Tomcat:

+ https://hostadvice.com/how-to/how-to-configure-https-in-apache-tomcat/


----------

