EJBCA - Open Source PKI Certificate Authority
Search ejbca.org for:
PrimeKey Support, Development and Maintenance services

Obtaining a certificate for Apache Jakarta Tomcat

The process is quite simple. Send an e-mail to the SensorNetCA requesting a Tomcat certificate. The e-mail should contain:

  • The ip name of your server or node, or the name of the application
  • Your name and e-mail address
  • Your phone number
  • Your Organization
  • Your Organizational Unit
  • Your City
  • Your State
  • Your Country

The key store for your server will be generated by the CA, and is ready to use when you receive it. It is easiest if you get a .p12 certificate. This will be the default unless you ask for something else (PEM). If you do NOT want a pkcs#12 certificate, you will have to create a certificate signing request on your host. Otherwise this is not necessary.

When your request is approved, I will mail you a link to download the certificate. The certificate will be protected using the password in the e-mail. It is best if you change this to a different (but good) password.

It should not be necessary to do so, but if you need to extract the private key from the PKCS12 (.p12) file, follow these steps:

  • Convert the P12 to PEM format with the openssl 'pkcs12' utility:

$ openssl pkcs12 -in TestNode.p12 -out TestNode.pem

This will prompt you for a password for the PEM file which must be used when processing the PEM file with openssl utilities. The PEM file contains the private key. Copy everything between and including the lines 

-----BEGIN RSA PRIVATE KEY-----
-----END RSA PRIVATE KEY-----

and store in a file with a .key extension.

Copyright © 2001-2011 EJBCA team. All rights reserved.