If you have an existing SSL certificate and you want to use this certificate in Tomcat, follow the steps below to import this SSL certificate.
Note: This certificate must be provided in the PKCS #12 (pfx) format. If the certificate and private key are saved in separate files, run the following command to merge them to the PKCS12 format:
openssl pkcs12 -export -in $certfile -inkey $keyfile -out $keystorefile -name tomcat -CAfile $cacertfile -caname root
$FGL_HOME/jre/bin/keytool -keystore $FGL_HOME/config/tomcat.keystore -storepass nitrogen -alias tomcat -delete
Obtain the certificate’s alias name from the certificate PFX file using the following command:
$FGL_HOME/jre/bin/keytool -keystore $your_certificate_pfx_file -storepass $certificate_pfx_password -list -v
The following is an example of command output. The value of Alias name is required in step 3.
Merge the Tomcat keystore and the PKCS12 keystore using the following command:
$FGL_HOME/jre/bin/keytool -importkeystore -destkeystore $FGL_HOME/config/tomcat.keystore -deststorepass nitrogen -destalias tomcat -destkeypass nitrogen -srckeystore $your_certificate_pfx_file -srcstorepass $certificate_pfx_password -srcstoretype pkcs12 -srcalias $alias_name_in_step_2
Note: If the Foglight Management Server certificate is updated, the new certificate may need to be imported to the Foglight Agent Manager certificate store for connections to be established. For more information refer to What are the steps required to use an external signed certificate in the Foglight Managment Server? (4254114).
Technical Documentation about Importing a network security certificate.
The following command can be used to export a certificate with the private key:
$FGL_HOME/jre/bin/keytool -importkeystore -srckeystore $FGL_HOME/config/tomcat.keystore -srcstoretype JKS -destkeystore -destkeystore [output_path]/tomcat.keystore.p12 -deststoretype pkcs12
© 2025 Quest Software Inc. ALL RIGHTS RESERVED. Terms of Use Privacy Cookie Preference Center