On-Premise: Configuring SSL using PFX file.


How do I configure or change the SSL certificate using PFX file?


A Java KeyStore (JKS) is a repository of security certificates and the private keys, used for instance in SSL encryption.

  • The password used to create the 'keystore' file must not contain any special characters. Otherwise, the Web Application will be unable to load the file.
  • Rename or move the existing keystore located at <TRAVERSE_HOME>/plugin/web/webapp.keystore

Configuring SSL for the Web Application using PFX file:

  • The application server (Apache Tomcat) used by Traverse uses a JKS format keystore. 

  • Create a keystore using below command.
 "TRAVERSE_HOME\apps\jre\bin\keytool" -importkeystore -srckeystore "xxxxxxxxx.pfx"    -srcstoretype pkcs12 -destkeystore "<TRAVERSE_HOME>\plugin\web\webapp.keystore"  -deststoretype JKS  -deststorepass changeit

       srckeystore -  use the PFX file name, including it's location e.g C:/Program Files/Certificates/****.pfx
       source Keystore password- password of PFX file

  • List the webapp.keystore:

         Scroll to the top of output and copy the alias name.

  "TRAVERSE_HOME\apps\jre\bin\keytool" -list -storepass changeit -keystore  "TRAVERSE_HOME\plugin\web\webapp.keystore"  -v
  • Change the alias key password to the Traverse default value of 'changeit': 

         alias:  use the alias name from the listed output.
         alias password:  Use PFX password
         New alias password:  It should be "changeit"

 "TRAVERSE_HOME\apps\jre\bin\keytool" -keypasswd -alias xxxxxxx  -keystore   "TRAVERSE_HOME\plugin\web\webapp.keystore"  -storepass changeit
  • Change the alias name:  

            alias:  use the alias name from the listed output.

  "TRAVERSE_HOME\apps\jre\bin\keytool" -changealias -alias xxxxxxx -destalias tomcat -storepass changeit -keystore "<TRAVERSE_HOME>\plugin\web\webapp.keystore"  

  • Verify the alias name "tomcat"  in webapp.keystore:
 "TRAVERSE_HOME\apps\jre\bin\keytool" -list -storepass changeit -keystore "TRAVERSE_HOME\plugin\web\webapp.keystore" -v
  • Note that the password matches the Traverse default defined  in Traverse_home\app\tomcat\conf\server.xml:
   keystorePass="changeit" keystoreFile="../../plugin/web/webapp.keystore"

  • Restart the traverse webapp 

Have more questions?

Contact us

Was this article helpful?
1 out of 1 found this helpful

Provide feedback for the Documentation team!

Browse this section